How companies can protect themselves from Microsoft Exchange Server threats

How seriously should people be taking the hacking attacks reported recently on Microsoft’s widely-used software systems.

Very, say experts, and the advice is fueling even more spending on cybersecurity, already one of the fastest growth areas in IT.

Microsoft Exchange Server, the most common business software in the world, was targeted by hackers in two separate attacks over the past few months.

It is the apparent success of the attacks that pose a serious threat for the thousands of companies across the world that use it for external and internal communication and as a calendar, potentially putting their sensitive data at risk.

Security experts estimated 20,000 US-based companies and another 80,000 firms around the globe were exposed by the most recent cybersecurity breach, adding to the 18,000 affected by the SolarWinds attack last year.

Patching and mitigation is not remediation if the servers have already been compromised. It is essential that any organization with a vulnerable server take immediate measures to determine if they were already targeted. https://t.co/HYKF2lA7sn

— National Security Council (@WHNSC) March 6, 2021

Earlier this month, Microsoft Corp (NASDAQ:MSFT) identified vulnerabilities affecting Exchange Server versions 2013, 2016 and 2019 which were being exploited as part of an attack chain.

It advised clients to immediately install updates to protect themselves against the attack.

The tech giant attributed the attacks to HAFNIUM, a group assessed to be state-sponsored and operating out of China, which primarily targets entities in the US including infectious disease researchers, law firms, higher education institutions, defence contractors, policy think tanks and NGOs.

However, Microsoft reckons it had nothing to do with SolarWinds-related attacks, adding that there is no evidence the hacker behind that discovered or exploited any vulnerability in Microsoft products and services.

The SolarWinds breach has also created widespread concern when it emerged last year, although Microsoft stressed in December it had found no evidence of access to production services or customer data.

However, SolarWinds said that 18,000 out of its 300,000 customers were estimated to have downloaded an update laced with malware when the scandal arose last December.

“It is a serious threat, the outcome of which is difficult to predict since honeypot operators have been experiencing compromises while the attackers sit idly by with command and control to execute future damage, yet to be decided upon,” David Redekop, co-founder at Nerds on Site Inc. (CSE:NERD)(FRA:3NS.F)(OTCQB:NOSUF), told Proactive.

“In our industry, there has been a reluctance to provide an additional barrier to such compromises, which is to say that we cannot guarantee future attacks won’t happen on internet-facing systems but we can ’trap the thieves’ and prevent them from having their software be remotely controlled, never mind having awareness that they even compromise a system.”

According to Leigh Clark, Cyber Security Consultant at Airnow PLC, companies need to understand the overall security status of their hardware assets and networks, as well as gaining data risks analysis.

Based on its own individual profile, a business will then have to find a solution that it’s tailored to its needs, based on its size and activities.

“I think companies are keeping up with it… I think people are now becoming a bit more aware that budgets need to be around cyber, rather than just general IT, and the COVID-19 pandemic has changed how organisations are working,” he told Proactive.

Conversely, Alain Ghiai, chief executive at GlobeX Data Ltd (OTCQB:SWISF)(CSE:SWIS)(FRA:GDT), suggests more draconian measures and leave third-party servers altogether.

“What I would recommend if you use Microsoft for everything, which we all do… When it comes to the email part of it – which is the most crucial part of communication for businesses – I would recommend moving to a platform that is not using Amazon Web Service, Microsoft or Google,” he told Proactive.

It means that companies should use proprietary platforms for communicating internally and externally so they won’t rely on external servers, at least at top managerial levels to protect the most sensitive information.

Ghiai said that GlobeX Data experienced a spike in demand for its secure messaging system after the Microsoft hack emerged.

In the UK, the government’s National Cyber Security Centre is investigating the scale and impact of the country’s exposure to these threats.

“Whilst this work is ongoing, the most important action is to install the latest Microsoft updates,” said Paul Chichester, NCSC Director for Operations, earlier this month.

“Organisations should also be alive to the threat of ransomware and familiarise themselves with our guidance. Any incidents affecting UK organisations should be reported to the NCSC.”

Story by ProactiveInvestors