If you haven’t heard the news, there is a major zero-day exploit quickly spanning the globe. A zero-day exploit is an advanced cyber attack that exposes a vulnerability in software/hardware, which can create a series of complications before it is detected. Until the vulnerability is remediated, hackers can exploit it affecting your data and network. The most recent exploit is targeting local installations of Microsoft Exchange. Once attackers find a vulnerable Exchange server, they gain a foothold on that server and attempt to mine your data.
The main group behind this threat is HAFNIUM, who primarily targets companies within the United States. Industries most at risk include infectious disease researchers, law firms and educational institutions. However, these hackers can exploit any Exchange server they can get their hands on. Other bad actors are now launching similar attacks, meaning a quick response is your best defense.
The good news is that if you are already using a cloud-based email system like Microsoft 365, you are safe. If you have an on-premise Microsoft Exchange server, patch it immediately. This can be a physical or virtual server running at your office, a colocation space or even in the cloud. We have come across servers that were left behind after a migration to cloud-based email services. This threat is bad enough that Microsoft is providing patches to no longer supported servers. You can find the specifics here.
How Do I Protect My Network?
The first step is to install the patch. Ensure you are fully patched with the correct cumulative update and the correct additional patch specific to this threat. Once you have completed this, you are not done yet. The patch can’t tell you if your server was compromised, but Microsoft is providing steps on how to find out if you have any indications of compromise. These steps will show you if you need to take further action.
Additional best practices are to limit the ports allowed to communicate to and from your server through your firewall. The use of egress filtering can stop the unwanted intruder from doing more damage and can give you more information to respond to the threat. Adding advanced threat detection and response capabilities is another strong tool to defend your network.
If you haven’t already, you need to investigate migrating to the best email solution for your organization. After the migration is complete, fully decommission any unnecessary servers or services so you are less likely to have to go through this again.
Issues like this, along with the continuous change to the information technology threat landscape, can be daunting to stay on top of. It’s always good to have someone to call when you need help. If you need assistance, feel free to contact us online or call 410.685.5512.