Commonwealth Sentinel

Cyber Security for local government, non-profits and small business

commonsent / March 10, 2021

Microsoft Exchange Hack

On March 2, Microsoft issued a warning to Microsoft Exchange users that a Chinese state-sponsored cyberattack group called “Hafnium” was exploiting four zero-day bugs in order to attack thousands of organizations (estimates range from 30,000 to 60,000).  The known victim organizations include local governments, retailers, universities, large enterprises, and small to medium-size businesses.

The four vulnerabilities are used together as an “attack chain,” meaning that they allow the attackers to access the victim’s system, take administrative control of the server remotely, and then steal data from the organization or remain in the network to do other damage.  Once the cyber criminals have gained access and taken administrative control, the amount of potential damage is endless.

On the same day they released the warning, Microsoft released updates (or patches) to mitigate these vulnerabilities.  The versions that are affected are Microsoft Exchange 2013, Microsoft Exchange 2016, and Microsoft Exchange 2019.  At this time, there is no evidence that individual consumers are affected by this hack since Microsoft Exchange Server is used mostly by business customers.

A “zero-day” bug is a vulnerability that is discovered and used prior to the software developer knowing about it and being able to provide a patch or fix for the vulnerability.  It then becomes like an arms race in which the developers are in a race to provide a fix before hackers can do too much damage to the systems that are at risk.

In this case, once it was discovered that Hafnium had been hacking into vulnerable systems with these four zero-day bugs, Microsoft created the patches to fix the problem.  At the same time, Hafnium accelerated its attacks, and at least four other hacking groups jumped on the bandwagon and are using the same zero-day bugs to attack tens of thousands of victim organizations (potentially hundreds of thousands worldwide).

As of March 5, only 10% of Microsoft Exchange customers had implemented the patches to fix the vulnerabilities.  That, however, is only half the problem.  The patches will keep anyone from accessing the system via those vulnerabilities in the future, but if a cyber criminal has already accessed the system, they may still be inside the network and have a backdoor into it.  Patching alone in that situation is the technological equivalent of closing the barn door once the horse has left.

What should you do?  The White House press secretary on Friday said, “We are concerned that there are a large number of victims and are working with our partners to understand the scope of this.  Network owners also need to consider whether they have already been compromised and should take appropriate steps.”

That is excellent advice.  However, do most local governments, non-profits and small businesses know what those appropriate steps are?  Many organizations like these often do not have full-time or dedicated cyber security resources and are therefore at higher risk for attack and, often, debilitating damage from those attacks.

If your organization uses Microsoft Exchange 2013, Microsoft Exchange 2016 or Microsoft Exchange 2019 – or if you are unsure what your organization uses – Commonwealth Sentinel can help.  We will check your system to see if you have these vulnerabilities and will install the patches to “close the barn door”.  We will then check for indicators of compromise; that is, check to see if someone had been able to get into your network before it was patched and help with remediation – backing up data, re-imaging the server, scrubbing the email accounts, resetting passwords and restoring your network.

While we would normally conduct a comprehensive vulnerability and threat evaluation of your system as our first step to providing security consulting services, we are offering this Microsoft Exchange Service assistance to anyone, whether an existing client or not, in order to help you protect your data, operations, and employees.

To help you meet this unprecedented challenge, we are offering discounted patching and scanning services. Contact us to see how Commonwealth Sentinel can help!

Copyright © 2023 Commonwealth Sentinel
