Microsoft Exchange Hack: Update Needed ASAP

KrebsOnSecurity has reported that an estimated 30,000 U.S. companies, small businesses, and government offices were hacked over several days in early March by an "unusually aggressive Chinese cyber espionage unit."

The goal of the cyber espionage unit, which Microsoft calls "Hafnium", was to steal emails from its victims. KrebsOnSecurity stated that sources familiar with the hack said the cybercriminals exploited four flaws in Microsoft's Exchange server email software. These flaws allegedly gave Hafnium full remote control over the systems they hacked.

According to the White House press secretary, "significant" weaknesses were found in Microsoft's Exchange servers.

The cybercriminals left a hacking tool called a "web shell" on each system that they infiltrated. The tool is protected by an easy password and can be accessed from any internet browser, according to KrebsOnSecurity. It gives the hackers administrative access to the targeted computer servers.

Microsoft released a security update to patch 2013 to 2019 versions of Exchange in early March. It also notified U.S. government agencies of the breach. The Prague municipality and the Czech Ministry for Labor and Social Affairs were also allegedly impacted by the cyberattack. 

This is the eighth time in 12 months that Microsoft has reported state-sponsored cyberattacks.

A spokesperson for the Chinese Foreign Ministry responded to Microsoft's accusations by stating that there is not enough evidence to determine the origin of the cyberattack.

Exchange is used by companies, infectious disease researchers, defense contractors, law firms, non-governmental organizations, and universities, according to Microsoft.

Fatma Khaled, "At least 30,000 US organizations, small businesses and government offices were victims of Microsoft Exchange hack: Krebs," msn.com (Mar. 06, 2021).

Commentary

Microsoft recommended that Exchange users immediately install the updates it released in March. If your organization uses Exchange, require all employees to install these updates right away.

In fact, it is important to train employees to immediately install all patches to apps, software, and operating systems as soon as they become available. Updates frequently address a known vulnerability that is allowing cybercriminals to hack devices. Therefore, installing updates is one of the best cybersecurity practices you can instill in your employees.

Require employees to set their work computers and devices to update automatically. Train them to immediately install any legitimate patches that cannot be set to automatically update.

However, remind employees to be leery of any popups or emails that claim to contain necessary updates, even if they use the app the message claims to update. Cybercriminals will often spread malware through fake updates.
