One of the biggest ever security flaws in Microsoft Exchange – the world’s most heavily used e-mail platform – was identified this week, putting customers at risk of emails being accessed without needing to log in.

Here’s everything you need to know…

What has happened?

Microsoft claims that a new China-state sponsored threat actor is exploiting four previously undisclosed security flaws in Microsoft’s email product, Exchange Server.

Hackers used newly discovered vulnerabilities to break into Exchange email servers running on company networks. This unlocks the door to company data, granting the attackers access to email accounts and the ability to plant malware.

When used together, the four vulnerabilities create an attack chain that can compromise vulnerable on-premise service running on:

• Microsoft Exchange Server 2013
• Microsoft Exchange Server 2016
• Microsoft Exchange Server 2019

Microsoft said, “In the attacks observed, the threat actor used these vulnerabilities to access on-premise Exchange servers which enabled access to email accounts, and allowed installation of additional malware to facilitate long-term access to victim environments”.

Who are the hackers?

The hacking group, HAFNIUM have been identified as the perpetrators, and although located in China, they use IP addresses in the US to launch these large-scale attacks.

HAFNIUM historically is known for their attempts to breach a broad range of US based organisations, including defence contractors and sensitive, business-critical data law firms and infectious disease researchers.

Who is affected?

Only on-premises systems are affected, Exchange online systems remain secure. Microsoft have declined to state how many attacks occurred but described the number as “limited”.

The good news

The good news is that several patches have been released to fix the four security vulnerabilities, a week ahead of Microsoft’s typical patching schedule (which is usually the second Tuesday of each month). The team at razorblue reacted immediately and have successfully installed these security updates to all customers with on-premises Exchange systems.

Businesses who invested in next-generation firewalls also saw the vulnerability “virtually patched” within hours of it being discovered, further reiterating the importance of solutions like this.

What do I need to do?

Due to the critical nature of these vulnerabilities, your managed service provider (MSP) should have this covered. We recommend that companies without Patch Management software apply the updates to affected systems immediately to protect against these exploits.

The bad news

Criminal masterminds sadly are not going anywhere. It is important to adopt a “Zero Trust” approach to security, you can never be too safe. Additionally, access to your corporate network should always be managed based on a continuous verification of identity and devices.

This is just yet another example of how much cyber-crime is rising. It is predicted that the global cost of these types of crimes will exceed £4.4 trillion per year by the end of 2021.

Solutions are available and we are here to help protect your business from becoming a victim to cyber criminals. The most effective and secure protection includes a comprehensive mix of cybersecurity solutions.

When such huge-scale cyber-attacks occur, the outcome can be catastrophic. If leaders want to protect their organisations, it is imperative to have an MSP who are both proactive and dependable, reacting immediately to any cyber threats – big or small.

Get in touch today and speak to one of our cybersecurity experts.

0333 344 6 344

sales@razorblue.com