Businesses Using Microsoft Exchange Beware

 By Diane Tait

Image courtesy Pixabay

If your business uses Microsoft Exchange, you may have a problem. That’s because in February 2021, a Chinese hacking group called Hafnium exploited flaws in Exchange to gain access to email accounts.  This allowed the state-sponsored hackers to install malware that could ultimately let them take control of affected systems.  The estimated number of compromised accounts is more than 100,000. So flagrant was this attack that the Cybersecurity & Infrastructure Agency, issued a warning along with appropriate steps to take to mitigate the attack.  The Hafnium exploit can allow hackers to steal data, encrypt existing data, delete data or even hold data for ransom. 

Who is Hafnium?

Most of us think that hackers are anonymous computer nerds who spend their days sleeping and their nights making their fingers fly across their keyboards trying to break into other people’s computers.  While it’s true that there are still some independent hackers and hacking collectives around the world, Hafnium is much more disciplined and dedicated.  That’s because these hackers are sponsored by a government entity.  Known by government agencies as APT groups, these Advanced Persistent Threats have been known in the past to concentrate their efforts on government offices and military contractors. However, during the past few years, some of them have expanded their target list to include think tanks, energy companies, telecoms, healthcare centers, universities, legal services, financial institutions, charitable organizations, and businesses. While their ultimate goal is to sow the seeds of chaos, their tactics are persistent, stealthy, and sophisticated.  This makes the detection of APT exploits difficult to detect and even harder to eliminate.  

What is Microsoft Exchange and how does it work?

Exchange is a popular service used by businesses to deliver email, coordinate contacts, schedule meetings, and manage tasks.  Organizations employing Exchange can either maintain their own in-house server or rely on Microsoft’s cloud server via a Microsoft 365 account.  Those using Exchange rely on the service to sync email, distribute calendar events, and facilitate other Outlook functions between multiple users via the Exchange server.  To find out if your business is using Exchange, you need to check your account settings in Outlook.  The steps to do this are as follows:

  1. Choose “File”
  2. Click on “Account Settings”
  3. This will provide you with a list of email accounts that include which ones use Exchange.

How do you know if your system has been compromised?

Image courtesy Pixabay

Since not every Exchange account has been compromised, it’s vital that you test your system to see determine its status.  Fortunately, Microsoft has created a way for you to determine if your account has been infected.  Access Microsoft Test-Proxy here.  To interpret the results generated, you’ll need to either peruse the accompanying blog and video or you’ll have to pass the report along to your IT technician.  The blog also provides you with details on how to patch or disable any accounts that have been compromised.  

Problem Solved?

Not quite.  Even once your system has been patched and/or the account disabled, this won’t necessarily address any malware that has already been planted on your device.  To look for additional exploits, you’ll need to run additional Microsoft security scripts.  This includes the Microsoft Exchange On-PremisesMitigation Tool for those companies who use an on-site server, as well as the Microsoft Safety Scanner that’s designed to identify and eradicate malware from affected Windows computers.

What should you do if you find you have been compromised?

The most important things you can do if you discover evidence that malware has been planted on any of your devices are:

  1. Shut down the device.  The longer you keep operating it, the more time the malware has to steal, destroy or encrypt data kept on it.
  2. Take your device to a trusted IT professional.  Trying to affect a fix on your own may not eliminte all the malware that has been planted on your device.  A blog I read on Sophos News pointed out a list of suspicious .aspx files more than a foot long which could harbor malware on any infected device.  
  3. Make sure your antimalware software is up to date and operating.  If your machine is penetrated, one of the first things a hacker will do is to turn off any existing antimalware software that can hinder his or her progress. 
  4. If your company has cyber insurance, contact your agent as soon as you find evidence that your system has been compromised.  The longer you wait, the deeper a dive the hackers can take into your system.  This could result in additional liability should the hackers gain access to proprietary information and/or client data.

Diane Tait owns and operates A&B Insurance.  To find out more about how you can save money on all your insurance needs, go to her site.

Location: Jacksonville, FL, USA

Comments

  1. Carl WeissApril 26, 2021 at 1:41 PM

    As if Coronavirus didn't set business back far enough in the past year, now here comes a new cyber threat to make it even harder to do business as usual.

    ReplyDelete
  2. Hector CisnerosApril 29, 2021 at 12:27 PM

    Microsoft has powerful but also complex s/w system and because they are complex they need to be guarded comprehensively and carefully if not they are very vulnerable!

    ReplyDelete

Post a Comment

Please only leave comments related to the article you are posting under. Unrelated or spam posting will be deleted.

Popular posts from this blog

How to Maximize Uptime while Minimizing Driver Fatigue

Image
By Diane Tait Image courtesy of wikimedia If it’s one thing that all truckers can agree on, it’s the importance of maximizing uptime without sacrificing safety.   The ability to earn a living behind the wheel is only as good a driver’s ability to get hired.   While employers want to get their goods to market as quickly as possible, nobody wants to employ a driver that puts their cargo at risk.   Likewise, no insurance carrier wants to carry a driver on the books with moving violations or accidents on their record.   This puts truckers in the unenviable position of trying to balance time on the road with the hazards inherent to highway driving.   One of the biggest hazards that truckers face is driver fatigue.
Read more

The Truth About Self-Driving Cars

Image
 By Diane Tait Image courtesy Pixabay For the past few years, it seems the only time you read or hear about self-driving cars is when a new model is released or when one crashes.  While that may make for titillating headlines, the truth of the matter is that the technology will continue to develop as time goes on.  Not only are billionaires betting the bank on it, but the systems that automate driving are slowly but surely making their way into every vehicle on the road.  If you've been losing sleep about losing control over your car to onboard automation, here's what you need to know.
Read more

Is Smartphone Insurance a Smart Choice?

Image
By Diane Tait Image courtesy Pixabay Unless you're a prepper who lives off the grid you probably own at least one cellphone.  Most people trade their phones in for new ones every 2.7 years on average.  While some replace theirs every year or two because they want to keep up with the Joneses, others wait to replace their smartphone until device performance forces them to do so, or because the manufacturer stops supporting their phone.  Regardless of whether you decide to replace your smartphone sooner or later, as soon as you decide to spring for a new one, you'll be asked if you'd like to opt-in for additional protection.  The question is, should you purchase cellphone insurance the next time you get a new phone?
Read more