Iain Shaw, MD (Commercial, Innovation and Products) at Brigantia Partners Limited, on the MS Exchange hack situation.
Have you ever felt that sometimes the world changes so quickly that one day, you may not keep up? The world has changed yet again. Small to medium-sized businesses which have been running Exchange servers have been hit so hard that the viability of continuing to use such systems must be called into question.
The hack allegedly started a few months ago as an attack by the Chinese state-sponsored Hafnium group, and quickly escalated into a global hacking frenzy as Exchange servers worldwide were compromised. The servers breached are not just businesses’ though, with many charities, medical facilities and government servers being hacked too.
The information stolen is vast: millions of emails which people considered to be safely transmitted and stored. For so many kinds of social engineering attacks, this sort of thing is like gold! Outside of the obvious leverage gained by having access to colossal amounts of data, things like CEO fraud and convincing man-in-the-middle attacks will be rife. Also, people should think about whether passwords used in their Exchange accounts have been reused elsewhere, as these are being tried as you read this.
If you are reading this and thinking “thank goodness that we switched away from Exchange, so this doesn’t apply to me”, then I have some bad news for you. Consider the number and content of emails which your organisation has sent to the outside world, to organisations which were still running Exchange servers. Those emails could very well have been included in a data breach caused by these hacks…
An important factor to consider is that if your Exchange server has been breached, applying the Microsoft security patches will not undo the damage; the hackers will continue to have access to your server. You should either get the server fully and professionally investigated, or switch to an online alternative such as Microsoft 365.
From the point of view of organisations across the globe, this is very bad. It marks a sea-change in the sophistication of hacking attacks, an introduction of new means of automated attack which means that many more victims can be hit in a short space of time. If you would like an analogy, consider your tribe riding horses over a hill into battle, only to find a battalion of Challenger 2 tanks waiting on the other side.
The overall fragility of modern systems cannot be emphasised strongly enough. The criminal enemies which would inflict damage on your systems so as to make money from you are increasingly well armed, increasingly numerous, and no less desperate than they have ever been. You must meet these threats with adequate protection or give up and go home.
The world has changed; it will not go back to how it was. Your organisation should now switch away from on-premises solutions to safer cloud-based solutions, as such things are kept up to date without you having to worry about it. You also need to up your game regarding security and as such should consider the following solutions:
- bluedog 365 Security Monitoring (assuming that you use Microsoft 365 of course)
- CyberSmart – to achieve at least Cyber Essentials and preferably Cyber Essentials Plus
- Heimdal Security End Point Security
- Hornetsecurity Email Security
- Keeper Password Security
- KnowBe4 Security Training
- Redstor Cloud Backup
- Safe-t Zero Trust Solutions