Vulnerabilities in the Microsoft Exchange Server software have led to 30,000 US businesses being hacked. And it’s a very dangerous hack.
A total of four vulnerabilities have been discovered in Microsoft Exchange Server (MES) which has allowed hackers to carry out numerous attacks. The hackers appear to be part of a Chinese cyber-espionage group who specialize in stealing email communications. It’s believed that hundreds of thousands of firms have been attacked with at least 30,000 of them being US-based. As email is a crucial part of any modern business, it’s not an exaggeration to say that the MES hack is a major threat.
What is the Microsoft Exchange Server Hack?
The MES hack appeared, at first, to be concerned with stealing email data from organizations that were running the server through internet-based systems. The four vulnerabilities, present through MES versions 2013 – 19, allowed the hackers easy access to emails. However, the hackers – who Microsoft have called Hafnium – did not stop at stealing emails. Once they had access to affected systems, they also installed a web shell. This granted Hafnium the opportunity to gain remote access and full administrator privileges. The web shell is password protected and ensures that disrupting the hackers’ access is highly difficult.
Microsoft quickly formulated a security patch to eliminate the vulnerabilities, but many organizations have failed to install the MES patch. As a result, these organizations remain at risk. And, to make matters worse, Hafnium still has them in their sights. Using automated software, Hafnium is actively scanning the internet for any organizations using unpatched versions of MES. This allows the hackers to continue their campaign of data theft and disruption. It also appears that Hafnium is not fussy about who they target. Industries as wide ranging as NGOs through to medical researchers and legal firms have all been infiltrated by the MES hack.
Protecting Against Vulnerabilities
When it comes to attacks such as the MES hack it’s vital that patches are installed as soon as possible. The longer your system is unpatched then the chances of it being breached are exceptionally high. And, if you give a hacker enough time, there’s the chance of additional malware such as ransomware being installed. Setting your updates to ‘automatic install’ is the simplest and quickest way to minimize this risk. This will ensure that any security updates are in place the moment they are available.
But you can’t rely on a patch alone. Patches are not always available in time. And this means that you run the risk of having your systems breached and data stolen. Therefore, make sure that you also implement these procedures:
- Monitor traffic entering and leaving your network to identify any potential breaches. Unusual levels of traffic can often indicate that hackers have taken control of your network.
- Segment your network where possible. By separating your network into several different segments, you are limiting the access that a hacker has if they infiltrate your system.
- Employ two-factor authentication procedures for gaining administrator privileges. This should make it next to impossible for hackers to take full control of your network.
For more ways to secure and optimize your business technology, contact your local IT professionals.