Cybersecurity is indispensable for businesses. Attack strategies are constantly evolving...
The Hafnium Hack
Alarming news in the world of cybersecurity. Vulnerabilities in Microsoft Exchange servers allowed hackers to access a company’s servers, emails and calendars. Hafnium, a group of hackers that is well trained and operates in a sophisticated manner from China is the culprit. The Hafnium Hack. It was revealed in March 2021 and it caused a shock in the world of IT. Companies were still not proven safe after the patches, now what?
Microsoft Exchange Servers
Numerous organizations and companies use MS Exchange, a mail system with calendar management from Microsoft. On-premises Exchange Servers, or physical servers of MS Exchange with version 2010 to 2019 were affected. Exchange servers in the Cloud experienced no issues. A vulnerability in this system made it possible for Hafnium to penetrate corporate networks and emails connected to an MS Exchange server.
The Hafnium case
In January, vulnerabilities and flaws in MS Exchange’s system were noticed by DEVORCE. A group led by Taiwanese security researcher Cheng-Da Tsai. They had been tracking the vulnerabilities, called ProxyLogon, since December. Unfortunately, malicious parties had discovered these vulnerabilities way earlier. Microsoft wanted to launch the security updates on March 9, but because many backdoors were placed in a large number of vulnerable servers around February 26, Microsoft already published the patches on March 2. However, by the 5th of March, thousands of Exchange Servers worldwide had been fitted with backdoors by hackers.
Investigate, create a backup and solved?
Unfortunately, with such attacks, that is not the solution. When backdoors are installed in a system, they are often impossible to find. Think of it as a kind of dormant virus that can reactivate itself. If you were to create a back up, you would put these backdoors back. Are you using Microsoft 365 entirely in the Cloud? Then you don’t need to worry. As mentioned earlier, this is only regarding the on-premises Exchange servers.
What are the consequences of an attack like this?
With an attack of this caliber, it is difficult to say in a short time what exactly the consequences will be. Since the attack happened on a large scale, task forces have already been set up in the US that will investigate the hack. The installation of Ransomware and the selling of stolen data are already among the possible consequences.
What you can do
The first step is to use the tools Microsoft has made available on its support page. The latest update, the latest security patch and the Microsoft Safety Scanner. With this scanner you can find or even remove malware that is detected on your Exchange server. Backdoors already known to Microsoft can be disabled this way. Furthermore, you can look for indicators that suspicious activity is taking place on your network. Your IT partner can support you in this process and then provide an analysis.
Cybersecurity and innovation are closely related. Technology is growing and accelerating, which makes it difficult to protect yourself as a company. Attacks like this will occur more frequently in the future. Cloud solutions such as the Microsoft Azure platform offer constant security updates to avoid such issues. Not sure how to approach it most effectively? Our Managed Cloud services may be able to help you with that.