Just recently, one of the largest email service providers in the world was hacked by a group of cybercriminals. The attack affected hundreds of thousands of people and businesses, including key service providers within the United States. Some people are still facing the fallout from this massive cyberattack. Now it’s time to consider the implications of this event, including the status of your own IT security.

What Happened With the Microsoft Exchange Cyberattack?

First, let’s review the details. Starting in January 2021, a group of hackers known as Hafnium targeted Microsoft Exchange users around the world, breaching email systems and gaining access to classified data. The attacks continued until news finally broke in early March. Because the hackers appeared to be “state-sponsored” and specifically targeted large retailers and government organizations, the Department of Homeland Security issued an emergency directive. Microsoft released patches to resolve the software vulnerabilities that led to the attack. While security administrators scurried to apply the patches as quickly as possible, additional hackers used the opportunity to target as many compromised accounts as possible. As of early April 2021, there is an ongoing investigation and many users are still unaware of the breach.  

Is Your IT Security Safe From Similar Hacks?

Unfortunately, these types of cyberattacks are difficult to prevent entirely. Even with the most robust security measures, organized attacks from dedicated criminals with extensive knowledge are always a possibility. Microsoft is one of the largest tech companies in the world, and their security is top-notch—but even they’re not 100% safe from attack. In these situations, organizations need to patch their software, and they need to do it fast. Chris Krebs is the former director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA). He believes that government organizations and small businesses will be most affected by the breach because they don’t have the bandwidth to address the problem correctly. In the meantime, companies that continue to use unpatched MS Exchange software remain open to attacks from Hafnium and other hackers.

That’s why a managed service provider (MSP) is so important. Unfortunately, small, in-house security teams simply can’t keep up with the workload of large data breaches like this one. A managed service provider or IT security company is much more likely to follow the latest news updates and react quickly to security vulnerabilities and patches.

What Should You Do Now?

If you haven’t already, make sure your organization wasn’t directly targeted by the attack. CISA recommends that IT security experts look for signs of compromise and update software with the latest patches from Microsoft ASAP. If that’s not possible, disconnect and rebuild the Exchange server. Microsoft released further guidance regarding the situation:

“It is imperative that you update or mitigate your affected Exchange deployments immediately. These vulnerabilities are being actively exploited by multiple adversary groups. For the highest assurance, block access to vulnerable Exchange servers from untrusted networks until your Exchange servers are patched or mitigated. If you have not yet patched, and have not applied the mitigations referenced below, a one-click tool, the Exchange On-premises Mitigation Tool is now our recommended path to mitigate until you can patch. Microsoft recommends that you update and investigate in parallel, but if you must prioritize one, prioritize updating and mitigation of the vulnerability.”

Final Thoughts on IT Security and Cyberattacks

While these types of data breaches are rare, they do happen, and the results can be catastrophic. If your in-house security team is overwhelmed and needs additional support, please consider reaching out to a managed service provider that is knowledgeable and already aware of the current situation. If you don’t have a security team, we urge you to contact Network Providence today. We can address the situation, bring your security up to date, and stay on top of updates going forward.