Microsoft Exchange Server Zero-Day Exploit: Update Now!

Starting in early January 2021, a zero-day exploit has been used against on-premises installations of Microsoft Exchange Server. Threat actors have been breaking into business networks around the world as fast as COVID-19 spread through the global population.

What is a zero-day exploit?

A zero-day exploit takes advantage of a vulnerability in software or hardware that the vendor does not yet know about, so no patch exists when the attacks begin (the vendor has had "zero days" to fix it). The intrusion often goes unnoticed until the attackers do something visible with their access, such as sending a ransom note.

In this case, attackers found vulnerabilities in the on-premises Exchange Servers that many businesses run. They exploited them to read mailboxes and to plant web shells that gave them long-term access to the business network. Once inside, they exfiltrated valuable data to file-sharing services under their own control.

The four flaws in Microsoft Exchange Server

CVE-2021-26855 (a server-side request forgery that lets an unauthenticated attacker send requests as if they were the Exchange server), CVE-2021-26857 (insecure deserialization in the Unified Messaging service, giving code execution as SYSTEM), and CVE-2021-26858 and CVE-2021-27065 (post-authentication arbitrary file writes, used to drop web shells). Chained together, they let an attacker who can reach port 443 on the server run code on it without any credentials.

Stealing Passwords & Searching for Vulnerabilities

Cyber attackers usually get into networks by stealing passwords. Sometimes, as with this zero-day exploit, they get in by finding and exploiting vulnerabilities instead. Firewalls and antivirus software did not stop these intrusions because the first flaw lets the attacker impersonate the Exchange server itself: the malicious requests arrive on port 443 looking like ordinary Exchange traffic. Once a web shell is in place, the attackers have remote control of the server and can steal data from the company's network.

Hafnium's end goal was to steal information. Other groups that followed it in have used the same access for ransomware: they encrypt the organization's valuable data so it can no longer be used, demand payment to restore it, and may destroy the network and data permanently.

Microsoft attributed the initial attacks to Hafnium, a group it assesses to be state-sponsored and operating out of China. Microsoft engineers worked around the clock on the fixes and released them on March 2, 2021 as out-of-band emergency patches. An out-of-band patch is a fix released immediately instead of waiting for the next scheduled monthly update, which tells you Microsoft considered this threat very dangerous. All businesses running on-premises Exchange should apply the update as soon as possible.

Hafnium’s Attack on Microsoft Exchange Server

Hafnium operates mainly from leased virtual private servers in the United States even though its members are based in China. It usually targets organizations in the United States such as medical research organizations, law firms, universities, defense contractors, and non-governmental organizations.

Although this group was behind the initial exploitation, many other bad actors have since moved in like vultures to take advantage of unpatched servers, including ransomware operators.

Security Patches – Shields Up!

IT companies around the globe have been moving as quickly as possible to apply the updates and protect their clients.

CISA, the US agency responsible for civilian cybersecurity, reported exploitation worldwide and issued Emergency Directive 21-02 ordering federal agencies to apply Microsoft's patches or disconnect at-risk Exchange servers; it urged all other organizations to do the same. The guidance is to treat every on-premises Exchange server as potentially compromised: check it for indicators of compromise, and if you cannot establish that it is clean, take it offline and rebuild it. Install the security update from an elevated prompt (Run as administrator) rather than by double-clicking it in a normal user session. If the update is installed without elevation it can fail partway through, and Outlook on the web and the Exchange Control Panel may stop working.
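The checks below, as an added example that is not from this article and is not Microsoft's own Test-ProxyLogon.ps1 script, apply the indicators of compromise Microsoft published for these four CVEs to constructed log samples: in the HttpProxy log, an unauthenticated request whose AnchorMailbox is a ServerInfo~ value carrying a backend URL (CVE-2021-26855); Set-*VirtualDirectory commands in the ECP server log (CVE-2021-27065); "Download failed and temporary file" in the OABGenerator log (CVE-2021-26858); and System.InvalidCastException errors from Unified Messaging (CVE-2021-26857). The log excerpts, host names and IP addresses are constructed, and the HttpProxy sample is trimmed to a few of the real log's columns; the real files live under %PROGRAMFILES%\Microsoft\Exchange Server\V15\Logging.

```python
"""Triage constructed Exchange log samples for ProxyLogon indicators of compromise.

Added example for this article; not Microsoft's Test-ProxyLogon.ps1. Log lines,
host names and addresses are constructed. The HttpProxy field names used here
(DateTime, UrlStem, AuthenticatedUser, AnchorMailbox, ClientIpAddress) match the
real log's '#Fields:' header, but the sample omits most of the real columns.
"""
import csv
import re
from typing import Dict, List

# CVE-2021-26855 (SSRF): an unauthenticated request whose AnchorMailbox is a
# ServerInfo~ routing hint that carries a backend URL path.
SSRF_ANCHOR = re.compile(r"^ServerInfo~.+/")

# Line-level indicators for the other three CVEs, keyed by the log that holds them.
LINE_INDICATORS = {
    "ECP/Server": ("CVE-2021-27065", re.compile(r"Set-\w+VirtualDirectory")),
    "OABGeneratorLog": ("CVE-2021-26858", re.compile(r"Download failed and temporary file")),
    "UnifiedMessaging": ("CVE-2021-26857", re.compile(r"System\.InvalidCastException")),
}

# Constructed HttpProxy sample: two SSRF probes from two addresses, one normal
# anonymous OWA logon page hit, one authenticated EWS request.
SAMPLE_HTTPPROXY_LOG = r"""#Software: Microsoft Exchange Server
#Fields: DateTime,UrlStem,AuthenticatedUser,AnchorMailbox,ClientIpAddress,HttpStatus
2021-03-03T10:15:01.000Z,/owa/auth/logon.aspx,,,203.0.113.10,200
2021-03-03T10:15:07.000Z,/ecp/y.js,,ServerInfo~localhost:444/autodiscover/autodiscover.xml?#,198.51.100.7,200
2021-03-03T10:16:22.000Z,/ews/exchange.asmx,CONTOSO\jdoe,jdoe@example.local,192.0.2.44,200
2021-03-03T10:17:03.000Z,/ecp/default.flt,,ServerInfo~localhost/ecp/DDI/DDIService.svc/SetObject,203.0.113.77,200
"""

# Constructed excerpts of the other logs (one benign ECP line, three indicator hits).
SAMPLE_OTHER_LOGS = {
    "ECP/Server": [
        "2021-03-03T10:16:30Z,S:CMD=Get-OabVirtualDirectory,S:AUTH=CONTOSO\\admin",
        "2021-03-03T10:17:05Z,S:CMD=Set-OabVirtualDirectory.ExternalUrl,S:AUTH=",
    ],
    "OABGeneratorLog": [
        "2021-03-03T10:17:06Z,Download failed and temporary file C:\\inetpub\\wwwroot\\aspnet_client\\x.aspx",
    ],
    "UnifiedMessaging": [
        "2021-03-03T10:18:40Z,Error,MSExchange Unified Messaging,System.InvalidCastException: Unable to cast object",
    ],
}


def parse_exchange_log(text: str) -> List[Dict[str, str]]:
    """Parse an Exchange CSV log whose column names come from a '#Fields:' line."""
    fields = None
    rows = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].strip().split(",")
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        values = next(csv.reader([line]))
        rows.append(dict(zip(fields, values)))
    return rows


def find_ssrf_requests(rows: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return HttpProxy rows that match the CVE-2021-26855 indicator."""
    hits = []
    for row in rows:
        if row.get("AuthenticatedUser", "") == "" and SSRF_ANCHOR.match(row.get("AnchorMailbox", "")):
            hits.append({"time": row["DateTime"], "ip": row["ClientIpAddress"],
                         "url": row["UrlStem"], "anchor": row["AnchorMailbox"]})
    return hits


def find_line_indicators(log_name: str, lines: List[str]):
    """Return (cve, line) for every line of the named log that matches its indicator."""
    cve, pattern = LINE_INDICATORS[log_name]
    return [(cve, line) for line in lines if pattern.search(line)]


def triage(httpproxy_text: str, other_logs: Dict[str, List[str]]) -> dict:
    """Summarize hits per CVE plus the client addresses that issued SSRF requests."""
    summary = {cve: 0 for cve, _ in LINE_INDICATORS.values()}
    ssrf = find_ssrf_requests(parse_exchange_log(httpproxy_text))
    summary["CVE-2021-26855"] = len(ssrf)
    summary["suspect_ips"] = sorted({hit["ip"] for hit in ssrf})
    for name, lines in other_logs.items():
        for cve, _ in find_line_indicators(name, lines):
            summary[cve] += 1
    return summary


if __name__ == "__main__":
    for key, value in triage(SAMPLE_HTTPPROXY_LOG, SAMPLE_OTHER_LOGS).items():
        print(f"{key}: {value}")
```

Any non-zero count means the server should be treated as compromised, which in practice means isolating it, preserving the logs and the IIS directories for forensics, and rebuilding rather than just patching; the suspect addresses are what you block at the perimeter while you do that.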

It has been a busy few months for our cybersecurity teams as well as others around the world.

One of the most important ways you can protect your technology is to keep it updated with patches and newer versions. This applies to all your computers, devices, machines, software, and servers. If you don't keep them updated, your exposure to cyberattacks increases.

Microsoft normally only provides security patches for the most recent Cumulative Updates of each Exchange version, because businesses are responsible for keeping their servers current. Because of the scale of these attacks, Microsoft also released patches for older, out-of-support Cumulative Updates so that servers that have fallen behind can be protected while they catch up.

Give us a call if you need our help.

Read more about what’s been going on:

Emergency patch addresses MS Exchange Server zero-days

Mysterious Hades ransomware striking ‘big game’ enterprises

Microsoft Exchange attacks: Now Microsoft rushes out a patch for older versions of Exchange

What is a Zero-Day Exploit?

Is Your Business Network Vulnerable?

Is my business network vulnerable? That's a question that keeps many business owners awake at night. Penetration tests of business networks often show that a network is most vulnerable from the inside. For example, it is not unusual for people to write their passwords on sticky notes and leave them on their desks. I see it all the time.

Awareness of Local Exploitation

It's important to be aware that some vulnerabilities can be exploited locally, by someone physically present who intends to steal data or cripple a business. They might pose as a repair technician or janitor, or go dumpster diving for information like account numbers, contact names, and phone numbers. Their aim is to get into your business and reach your data.

The Value of Your Data

Your company's data is the meat on the bones. It's the most vital part of your business; everything else can be replaced. So if hackers can get onto your network and take your data, the damage can be devastating. Too many businesses don't realize how crucial it is to keep their servers and networking equipment physically secured behind a locked door or in a locked cabinet.

My Experience with Business Network Vulnerability

In my previous experience, I performed work for a large business that handled sensitive, protected data. I brought it to the attention of management that the building's network had a physically exposed element that could have been exploited by an intruder posing as a repair technician or janitor.

This is why I continue to encourage the clients I work with to secure their network.

The following article (and video) is a great resource to understand how businesses can increase their network security. In non-techy language, it explains the most common network vulnerabilities. It even includes things like shoulder surfing, tailgating, and dumpster diving.

Read the full article: Common Types Of Network Security Vulnerabilities In 2020

At Least Put a Lock on the Door

The above article says businesses should protect their servers with biometric authentication (fingerprint or face recognition) and access cards. I agree completely, but if that is out of reach, a lock on the door with managers holding the keys is far better than nothing.

A Firewall Is Critical for Business Security

Having a reliable firewall is extremely important in today's environment. In the first half of 2019, 59% of MSPs reported ransomware attacks on the companies they managed, according to a recent Datto survey. The average ransom was $5,700, up 37% from the year before. You can see how essential it is to protect your server.

You must keep your guard up to keep nefarious actors out of your network, and your guard is your firewall. It protects your servers and infrastructure by deciding which traffic is allowed in and out. There are many on the market, most are pretty good, and a well-chosen one lasts for years.

Keep Your Firewall Up to Date 

Keeping up with the latest technology is the best way to know which firewall to choose for your company. When researching, know what you are doing, because it gets technical quickly. Read the reviews and shop according to your budget, considering not only the purchase price but also the yearly service and support costs. Some businesses prefer the DIY option; others prefer to consult an IT service company.

Fight Viruses & Hacking Exploits Floating Around in the Wild 

Maintaining a service subscription for your firewall keeps it up to date, which is what keeps your business safe from the viruses and hacking exploits floating around in the wild. A current subscription delivers the latest firmware for the device along with updated threat signatures. Firmware is the software that runs the firewall hardware itself; firmware updates fix vulnerabilities in the device, and signature updates let it recognize newly discovered threats.

Prevent Business Operations Disruptions 

Support for your firewall allows you to call the manufacturer and talk to them about setup and repairs. If the device has a problem and nobody can log in and fix it, your Internet goes down. That disrupts your business operations whether you're working in the office or from home, and it is happening more often than it should these days.

When Your Firewall Gets Too Old 

Your firewall is a critical piece of equipment, so keeping its support current is very important. Firewall vendors only sell support for a device for a limited period, after which you must renew it. Once the device is old enough, the manufacturer stops selling support for it altogether, and when it finally fails you will need to buy a new one.

Without A Firewall for 30 Minutes – 699 Attacks 

Shipping times for new firewalls vary; you might wait up to 3 days. That is a long time to go unprotected. We once tested what would happen to an Exchange server exposed directly to the internet, protected only by its passwords, with no firewall in front of it. Within 30 minutes it was attacked 699 times by someone trying to guess their way past the passwords.
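To turn that kind of noise into a decision, here is an added example (not from the article and not taken from any firewall product) of the check a firewall or log monitor performs behind the scenes: it counts failed logons per source address in a sliding five-minute window and flags any source that crosses a threshold, which is the point at which you would block the address. The event lines are constructed to resemble a CSV export of Windows Security events (4625 is a failed logon, 4624 a successful one); the addresses and user names are made up.

```python
"""Sliding-window failed-logon detector over constructed Windows Security events.

Added example for this article, not from any product. Event lines, addresses and
user names are constructed. Each line is: ISO timestamp,event_id,source_ip,user
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

Event = Tuple[datetime, int, str, str]


def build_sample_events() -> List[str]:
    """Constructed export: one password spray, one user who mistyped a password."""
    base = datetime(2021, 3, 3, 2, 0, 0)
    lines = []
    # One source tries 30 different user names, 20 seconds apart (password spray).
    for i in range(30):
        stamp = (base + timedelta(seconds=20 * i)).isoformat()
        lines.append(f"{stamp},4625,198.51.100.23,user{i:02d}")
    # A real user fails three times, ten minutes apart, then logs in successfully.
    for i in range(3):
        stamp = (base + timedelta(minutes=10 * i)).isoformat()
        lines.append(f"{stamp},4625,192.0.2.10,jdoe")
    lines.append(f"{(base + timedelta(minutes=25)).isoformat()},4624,192.0.2.10,jdoe")
    return sorted(lines)


def parse_events(lines: List[str]) -> List[Event]:
    """Parse the CSV lines into (time, event_id, ip, user) tuples, oldest first."""
    events = []
    for line in lines:
        stamp, event_id, ip, user = line.strip().split(",")
        events.append((datetime.fromisoformat(stamp), int(event_id), ip, user))
    return sorted(events)


def detect_bruteforce(events: List[Event], threshold: int = 10,
                      window: timedelta = timedelta(minutes=5)) -> Dict[str, dict]:
    """Flag sources with >= threshold failed logons inside any `window`-long span.

    Returns {ip: {"first_alert", "attempts", "distinct_users"}} for flagged sources.
    first_alert is the timestamp of the failure that crossed the threshold, i.e.
    the moment a blocking rule should have been added.
    """
    recent: Dict[str, deque] = defaultdict(deque)   # ip -> failure times in window
    users: Dict[str, set] = defaultdict(set)
    total: Dict[str, int] = defaultdict(int)
    alerts: Dict[str, dict] = {}
    for stamp, event_id, ip, user in events:
        if event_id != 4625:          # only failed logons count
            continue
        queue = recent[ip]
        queue.append(stamp)
        while queue and stamp - queue[0] > window:   # drop failures that aged out
            queue.popleft()
        users[ip].add(user)
        total[ip] += 1
        if len(queue) >= threshold and ip not in alerts:
            alerts[ip] = {"first_alert": stamp.isoformat()}
    for ip, info in alerts.items():
        info["attempts"] = total[ip]
        info["distinct_users"] = len(users[ip])
    return alerts


if __name__ == "__main__":
    for ip, info in detect_bruteforce(parse_events(build_sample_events())).items():
        print(f"block {ip}: {info}")
```

The spraying source is flagged on its tenth failure, three minutes in, while the user who fumbled a password three times over twenty minutes is never flagged. A high distinct_users count on one address is the signature of a password spray rather than an attack on a single account, which matters because per-account lockout policies do nothing against it; a perimeter block on the source does.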

Understanding the importance of a firewall is paramount for a small business. If managed right, it will keep your confidential data safe from harm. We’re here to help you with that. Please give us a call to assess the state of your firewall. (844) 400-0616

Learn more about the Cybersecurity we offer!

Datto’s Global State of the Channel Ransomware Report 

Disaster Recovery Plan: 8 Points to Consider

With Covid-19 gripping many businesses around the world, we’re receiving a crash course in the importance of a Disaster Recovery Plan. Within a matter of weeks, we went from a free-flowing economy with no real work restrictions to a suffocating lockdown. Over the summer we experienced a glimmer of hope when the economy slowly opened back up. But flu season has descended upon us and cases have started increasing again. We’re now facing the possibility of another lockdown. Some companies are prepared, but others are not. 

Natural Disasters & Other Random Events

The pandemic isn’t the only disaster that can affect business continuity. Have you thought through the wider variety of disasters that could hit your company? The following situations can happen to any business:

  • Servers crash and systems go down
  • Sprinkler systems malfunction and water intrusion ruins computers, printers, or other business devices
  • Severe storm weather knocks out the power, and the power company takes a few days to repair it
  • A thief breaks in and steals your equipment
  • Construction crews accidentally cut the power to your office and you’re down until they can repair it

Those Who Fail to Plan, Plan to Fail 

Do you have a recovery plan if any of these disasters hit your office? The best way to prepare is to create a plan that is customized to your company. Customized plans are better than a one-size-fits-all approach. Every company is unique. Each has critical business operations that need to be accounted for in the event of a disaster. A good IT Service Company can help you explore the questions and answers relevant to your business.

8 points to consider for your disaster recovery plan

Risk Analysis

What are your critical operations? Prioritize them so you know which to address first in the case of an emergency.

Recovery Time

Timewise, how much wiggle room does your company have before all hell breaks loose? Know your maximum tolerable downtime for each critical operation; that number is your recovery time objective.

Compliance

Does your recovery plan meet PCI DSS, HIPAA, or other compliance rules you have to follow?

Disaster Recovery Team

Does everyone in the office know who will have the authority to make the decisions when in an emergency? Who are the go-to people when disaster strikes? This all should be decided in your disaster recovery plan.

Critical Information

Keep critical information like primary contacts and account numbers available in a safe place. When computers and other electronic devices go down or you can’t work from your office, how will you access this critical information? Think cloud backups.

Communication Plan

How will you communicate if your office computers and phones go down? Do you have a list of employee cell phone numbers available, so communication is not completely cut off?

Working from Home

If you and your employees can’t come to the office for an extended period of time, where can you temporarily set up your workstations? What technical support will you need to make this happen safely and effectively? An important part of a disaster recovery plan is having the process and technology in place for employees to work from home beforehand.

Review Your Plan

Employees come and go. Business roles, contact information, and accounts change. Review your plan regularly. Are employees who are named in the plan still with the company? Are account numbers and contact information current?

Business continuity is about maintaining critical business operations even when faced with long-term interruptions. Most of us were caught off guard when COVID-19 hit. We have faced this disaster for the past 10 months. We’re now wide awake and a little wiser.

We don’t know how long we will have to do business in this locked-down economy. We’re unsure if it will get worse. We can’t be certain when other random disasters will hit. But we can increase confidence and security by creating a solid disaster recovery plan. This is the best solution to reduce risk, data loss, and network downtime.

Integrinet IT can help you develop a customized disaster recovery plan for your business.

Powered by Integrinet IT | © Integrinet IT 1998 - 2021