
Protect your business from Microsoft Exchange Server vulnerabilities

If your business uses an on-premises Microsoft Exchange Server, you may have seen the alarming news recently that several “zero-day vulnerabilities”, or newly discovered security gaps, have been exploited by international hackers. As a result, thousands of organisations worldwide could be at risk of server hijackings, data theft, and potential malware attacks.

If all of this comes as news to you, then read on to find out more about the Microsoft Exchange Server vulnerabilities, what they could mean for your business, and crucially how to go about securing your business from the ongoing threat of zero-day attacks and ransomware. Intellesec explains everything you need to know about this latest cyber threat.

What are zero-day vulnerabilities and attacks?

Vulnerabilities are unintentional flaws in software programs or operating systems, which can leave holes for cybercriminals to exploit if not addressed swiftly. A so-called “zero-day vulnerability” is a newly discovered vulnerability or attack vector that only the attackers know exists, so they can work without interruption from the defenders, or the ‘good guys’.

Once the vulnerability has been identified and made public, the software developer is in a race against time to fix the issue before more damage is done on a wider scale.

What are the Microsoft Exchange Server vulnerabilities?

Recently, it emerged that four zero-day vulnerabilities had been identified across Microsoft Exchange Servers. Known to affect Microsoft Exchange 2013, 2016 and 2019, these Exchange Server vulnerabilities have enabled hackers to install code known as “web shells” that effectively provide remote access to a server. These enable perpetrators to spy on emails and eventually launch more malicious attacks, including ransomware.

The hacking campaign is thought to have been instigated by the Chinese state-sponsored hacking group Hafnium. But as many as 10 other hacking groups are now believed to be actively exploiting the zero-day vulnerabilities in 115 different countries. So far, more than 500 on-premises Microsoft Exchange Servers (the main targets for attacks) in the UK are thought to have been hacked, and more than 30,000 in the United States. Further, based on telemetry collected from its Expanse platform, Palo Alto Networks estimates that over 125,000 unpatched Exchange Servers remain in the world.

How do I protect my business from a zero-day attack?

In the first instance, businesses that are running the aforementioned versions of on-premises Microsoft Exchange Servers should patch them immediately using Microsoft’s emergency security update. The longer an organisation takes to patch the vulnerabilities, the greater the threat of a zero-day attack becomes. IT teams should also check for any recent compromises to ensure no web shells have been installed on servers.

As the next step, particularly if in-house threat intelligence and remediation are beyond your means, you should engage with a credible incident response team, such as Intellesec. We offer a total cyber security solution, from vulnerability scanning and assessment to sophisticated SentinelOne Endpoint Detection Response (EDR) solutions and next-generation firewalls from Palo Alto. We quickly and efficiently help fix your security issues.

We have the technology and vast industry experience to ensure your servers (and everything else digital for that matter!) are safe, secure and impenetrable to cyber attacks. For more information about our cyber security solutions, please contact Intellesec today on 0116 3266123 or email hello@intellesec.co.uk.
