Microsoft Exchange Server Hack: Synopsis and Takeaways

Jul 6, 2021 | Managed Services, Security

Setting the Stage

Microsoft Exchange Server is Microsoft's on-premises mail, calendaring and contacts server; its hosted counterpart in Microsoft 365 is Exchange Online. Tens of thousands of US organizations run Exchange Server themselves, including schools, banks, local governments, and police departments.

What Happened

In early January 2021, Microsoft was notified by security researchers of four zero-day vulnerabilities in on-premises Exchange Server (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065, chained together under the name "ProxyLogon"). On March 2, Microsoft released out-of-band patches for all supported versions and, at the same time, disclosed that the bugs were already being exploited in the wild. The critical one, CVE-2021-26855, is a server-side request forgery that lets an unauthenticated attacker reach the Exchange back end over HTTPS; the others let the attacker, once in, write arbitrary files and run code as SYSTEM.

In the days around and after the patch release, attackers used the vulnerabilities to read mailboxes and drop web shells (small ASPX scripts left in the web server's directories) that kept giving them access even after the patch was installed. More than 30,000 organizations in the US were compromised this way.

Microsoft attributed the initial exploitation to HAFNIUM, a group it assesses to be state-sponsored and operating out of China, which runs its operations primarily from leased virtual private servers in the United States. HAFNIUM typically gains access through the exploit, deploys a web shell for persistence, and then uses that access to steal mailbox contents and other data. Once the patches were public, other groups reverse-engineered the fixes and the attacks turned into mass, opportunistic scanning of every reachable Exchange server.

What We Learned

#1. In-house is risky

Post-incident, many organizations have moved to Exchange Online, the cloud-based version of the platform, which was not affected by these vulnerabilities because Microsoft patches and operates it. There is a common misconception that managing email in-house is more secure. Cloud vendors have a huge swath of resources and specialized knowledge, they build sophisticated preventative measures into their systems, and, most importantly, they have experts on staff who are trained to respond when an incident occurs. The caveat is that the move shifts only the server-patching problem: your tenant's identities, multi-factor authentication, mailbox permissions and mail-flow rules remain yours to secure.

#2. Hackers target rich attack environments

The most enticing environments for attackers are organizations running on-premises software that is staffed by teams who don't pay much attention to software updates. Small and mid-sized businesses often fall into this category because their team is busy with the functions necessary to run the business rather than with which version of the software they are running, and their IT leaders are often generalists, not specialists. All of these factors make small and mid-sized businesses a rich environment for cybercriminals. The Exchange incident adds a second, harder point: if a server was exploited before the patch landed, installing the patch does not remove the web shell the attacker already planted, so every unpatched server also had to be checked for compromise.
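As an added example that is not part of the original post, the following PowerShell script is the kind of triage check an administrator would run on an on-premises Exchange server after this incident: it reports the exact installed build (security updates change the build number without changing the cumulative update), looks for web shells in the directories Microsoft named in its March 2021 HAFNIUM guidance, and searches the HttpProxy logs for the request pattern Microsoft published for CVE-2021-26855 (an AnchorMailbox value matching `ServerInfo~*/*` with no authenticated user). The install paths, the 2021-01-01 cutoff and the abbreviated sample log written to `%TEMP%` are assumptions made for the example; the sample log is constructed data, not a real capture, and only a subset of the real log's columns is included.

```powershell
# Added example (not code from the original post). Post-ProxyLogon triage for on-premises Exchange.
# Assumptions: default Exchange 2013/2016/2019 install root under %ProgramFiles%, and the HttpProxy
# log heuristic from Microsoft's March 2021 HAFNIUM guidance. Run from an elevated prompt on the server.

$ExchangeRoot = Join-Path $env:ProgramFiles 'Microsoft\Exchange Server\V15'

# 1. Exact build. Get-ExchangeServer only shows the CU level; the file version of ExSetup.exe
#    also reflects the security update, which is what matters here.
function Get-ExchangeBuild {
    $exsetup = Get-Command ExSetup.exe -ErrorAction SilentlyContinue
    if (-not $exsetup) { return $null }   # not an Exchange server (or Exchange not on PATH)
    return $exsetup.FileVersionInfo.ProductVersion
}

# 2. Web shell hunt: script files in web directories where Exchange itself never writes new ones,
#    modified after the cutoff. Hash each hit so it can be compared against published indicators.
function Find-SuspiciousAspx {
    param(
        [string[]]$Paths = @(
            "$env:SystemDrive\inetpub\wwwroot\aspnet_client",
            (Join-Path $ExchangeRoot 'FrontEnd\HttpProxy\owa\auth'),
            (Join-Path $ExchangeRoot 'FrontEnd\HttpProxy\ecp\auth')
        ),
        [datetime]$ModifiedAfter = [datetime]'2021-01-01'   # assumed cutoff; exploitation began Jan 2021
    )
    foreach ($p in $Paths) {
        if (-not (Test-Path $p)) { continue }
        Get-ChildItem -Path $p -Recurse -Include *.aspx, *.ashx, *.asmx -File -ErrorAction SilentlyContinue |
            Where-Object { $_.LastWriteTime -gt $ModifiedAfter } |
            ForEach-Object {
                [pscustomobject]@{
                    Path          = $_.FullName
                    LastWriteTime = $_.LastWriteTime
                    Length        = $_.Length
                    Sha256        = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
                }
            }
    }
}

# 3. HttpProxy log search for the SSRF pattern (CVE-2021-26855). The logs are CSV with a header row,
#    so Import-Csv exposes AnchorMailbox, AuthenticatedUser and BackEndCookie as properties.
function Find-ProxyLogonRequests {
    param([string]$LogRoot = (Join-Path $ExchangeRoot 'Logging\HttpProxy'))
    if (-not (Test-Path $LogRoot)) { return @() }
    Get-ChildItem -Path $LogRoot -Recurse -Filter '*.log' -File |
        ForEach-Object { Import-Csv -Path $_.FullName -ErrorAction SilentlyContinue } |
        Where-Object {
            ($_.AnchorMailbox -like 'ServerInfo~*/*' -and [string]::IsNullOrEmpty($_.AuthenticatedUser)) -or
            $_.BackEndCookie -like 'Server~*/*~*'
        } |
        Select-Object DateTime, ClientIpAddress, UrlStem, AnchorMailbox, AuthenticatedUser, HttpStatus
}

# --- Demonstration against a constructed, abbreviated HttpProxy log (sample data, not a real capture).
#     Line 1 has the exploit shape (unauthenticated, AnchorMailbox routed to a back-end URL);
#     line 2 is a normal authenticated OWA request and must not match.
$demoDir = Join-Path $env:TEMP 'httpproxy-demo'
New-Item -ItemType Directory -Path $demoDir -Force | Out-Null
@'
DateTime,ClientIpAddress,UrlStem,AnchorMailbox,AuthenticatedUser,BackEndCookie,HttpStatus
2021-03-03T01:02:03.000Z,203.0.113.7,/owa/auth/x.js,ServerInfo~mail.example.com/autodiscover/autodiscover.xml?a=x,,,200
2021-03-03T01:05:10.000Z,198.51.100.4,/owa/,Sid~S-1-5-21-1-2-3-1001,EXAMPLE\alice,,200
'@ | Set-Content -Path (Join-Path $demoDir 'HttpProxy_sample.log')

"Exchange build: $(Get-ExchangeBuild)  (compare with Microsoft's published Exchange build table)"
"Web shell candidates on this server:"
Find-SuspiciousAspx | Format-Table -AutoSize
"HttpProxy hits in the constructed sample log (expect the 203.0.113.7 request only):"
Find-ProxyLogonRequests -LogRoot $demoDir | Format-Table -AutoSize
"HttpProxy hits on this server:"
Find-ProxyLogonRequests | Format-Table -AutoSize
```

Treat any hit from the second or third check as a potential compromise rather than as a reason to patch and move on: the web shell gives the attacker access that survives the patch, so the server needs an incident-response process (isolate, image, rotate credentials) before it goes back into service.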

#3. Barriers to the Cloud

Organizations don't stay on-premises because they want to or because they are uninformed. It's usually due to a combination of the following four factors:

  • Legacy Systems – Legacy systems often have executive sponsors, and fighting for modernization requires C-suite support.
  • Lack of Funding – Moving to the cloud can be costly. For businesses looking to reduce spending, it can be easy to justify staying on-premises.
  • Funding Structures – Many businesses favor capital expenditures over subscriptions, which makes it hard for IT teams to get cloud systems approved.
  • Sweating Assets – Organizations try to extract as much value from existing assets as possible, which makes keeping legacy systems running more appealing than replacing them.

Protect Your Organization

If you are running Microsoft Exchange Server or you are worried about your organization's security, Peters can help. Our cloud engineers specialize in helping small and mid-sized businesses secure their organizations with the cloud.

Don’t wait—contact a cloud engineer today.
