Large-scale Microsoft Exchange Hack
Here we are again, reporting on another security breach involving a major international company. In this case, Microsoft have advised that their Exchange email platform has been compromised.
Late last week Microsoft accused Hafnium as the state-sponsored group from China behind the exploitation of user email accounts from customers who are operating Microsoft Exchange Server versions 2016 & 2019.
This vulnerability has been confirmed to exist within the latest version of Exchange 2016 on a fully patched Windows Server 2016 server. Microsoft also confirmed the vulnerability exists in Exchange 2019 but has not tested against a fully patched version, although it believes they are vulnerable.
It should also be noted that at the time of writing, this vulnerability does not appear to impact Office 365.
Integer IT has quickly patched the servers of our managed service clients who operate the particular versions of Microsoft Exchange identified as being vulnerable to the exploit. Additionally, we have checked mailboxes for suspicious activity (e.g. the creation of email forwarding rules).
We take the security of our clients’ systems very seriously, and we encourage best practice on how to secure environments and data.
Integer utilises a multi-faceted approach to protect our own IT environment, including:
- Remote/pre-delivery email filtering services
- Managed hardware firewalls with subscription updates
- Endpoint security on both servers and desktops
- Regular security patching of systems
- Back up of Microsoft 365 emails
- Multi-factor authentication (MFA) on critical applications
- Offsite data back up
This type of cyber-attack is, unfortunately, the new norm, allowing malicious actors access to email accounts and any data and attachments that reside within them. Email mailboxes are not the place to hold or save data, and we encourage saving important documents in a centralised area (e.g. on a secure server).
If you feel you aren’t fully protected and would like to discuss how we may assist please do not hesitate to contact us.