Affected by the Latest Microsoft Exchange Breach? Here's What You Need to Know

Vulnerabilities in Microsoft Exchange have been the gift that keeps on giving for cyber attackers. As illustrated by the surge of news stories recently, criminals have quickly exploited these vulnerabilities on a massive scale. It is time businesses prioritize strengthening their security posture rather than scrambling for quick fixes.

Several versions of Microsoft Exchange, ranging from Exchange 2010 to Exchange 2019, have known vulnerabilities which make them susceptible to cyberattacks. As these vulnerabilities were discovered, it was realized that tens of thousands of servers were at risk.

Once cyber attackers gained access to the Exchange servers, they deployed several different types of malicious software, such as ransomware and crypto-mining. Microsoft began developing emergency Exchange security patches to help protect customers and their businesses, but new vulnerabilities have since been discovered.

There were several steps that could have been taken to prevent the vulnerability from being exploited once it was discovered. Organizations could have immediately installed Exchange Cumulative Updates or patches onto servers in their environment. Additionally, running detection and removal tools provided by Microsoft may have also minimized the risk posed by the vulnerabilities.

BIGGEST QUESTIONS ADMINISTRATORS HAVE: 

How can I tell if someone has entered my environment? 

 

What did the attackers do? 

 

What do we need to do next? 

Many businesses have trouble answering the above questions because of limitations or gaps within their overall security strategy. Organizations often focus on visibility of external traffic and pay less attention to the threats in internal communications, such as intra-company emails.

The consequences of this lack of attention has been illustrated with the Exchange breaches. Organizations did not have the tools, practice, and bandwidth to trace where exactly the attackers penetrated and which resources they tried to access. Without tools enabling detailed visibility into their environment and security posture, understanding the spread of the threat became a never-ending search through logs and security events. The process was either time-consuming and expensive or not even possible at all. The gap in information burdened IT admins not only in a scramble for recovery but also through pressure from C-level teams for unavailable information.

Additionally, if the breach was not immediately detected and contained, recovery became even more difficult. Often solutions and fixes to vulnerabilities acted more as a band-aid rather than long-term and comprehensive solutions.

The correct tools, technology, and access to information can help businesses achieve greater insight, protection, and peace of mind in threat preparation and response. For many SMBs, a comprehensive IT cybersecurity plan with 24x7 Security Operations Center (SOC) monitoring, access to threat intelligence, advanced threat hunting and containment, and endpoint tools, seem out of reach. However, with modern cloud technologies, specifically SOC-as-a-Service (SOCaaS), this is no longer the case. Just like other cloud-based services such as as Backup-as-a-Service (BaaS) or Infrastructure-as-a-Service (IaaS), companies can adopt and scale enterprise-grade technologies without adding expensive infrastructure or building multiple data centers. In short, SOCaaS empowers companies with access to the best tools, people, and protection without the financial and operational burden of additional staff, software, and infrastructure.

The breach of Colonial Pipeline, an attack which disrupted national energy access and resulted in a $5 million paid ransom, was enabled through an Exchange vulnerability. The breach underscores how cybersecurity can no longer simply be an additional concern for businesses but needs to be an active priority. The chance that your organization, employees, and customers are compromised is rapidly increasing as bad actors become smarter and faster. Most companies, even larger ones, do not have the IT spend available to have dedicated teams, infrastructure, and toolsets to staff a full 24x7 Security Operations Center. Continuing to have good IT hygiene though performing patches, training, and endpoint monitoring will always be critical to keeping your environment safe. To ensure optimized and advanced cybersecurity protection for your IT environment, contact our team of certified and experienced security experts and consultants.