On Mar. 5, 2021, KrebsOnSecurity broke the news that at least 30,000 organizations and hundreds of thousands globally had been hacked. The same sources who shared those figures say the victim list has grown considerably since then, with many victims compromised by multiple cybercrime groups.
Hackers found four separate security holes in Exchange Server that they used to siphon email communications from Internet-facing systems running Exchange. According to Microsoft officials, hackers have been using all four flaws as part of a complex attack committed by a Chinese cyber espionage group. The group has used the security vulnerabilities to plunder emails.
The hackers were able to use vulnerable Exchange Servers that were directly exposed to the internet through the security flaws. This allows hackers to read an organization’s email and export information to a file-sharing site. Hackers may then use this information to commit phishing or ransomware attacks. They may also use software backdoors to steal more data or perform malicious actions that further compromise the organization’s data.
The Chinese espionage group has been known to target entities in the United States, including:
Higher education institutions
Defense contractors
Law firms
Infectious disease researchers
Non-governmental organizations
How Microsoft Responded to the Attack
On March 2, Microsoft released emergency security updates to plug the four security holes in Exchange Server versions 2013 through 2019 from Internet-facing systems running Exchange.
Dangers of Ransomware Attacks Following the Data Breach
Ransomware is malicious software that typically infects a computer and encrypts all of the data on it so that the owner cannot access their system. There may be a message that says that the owner must immediately pay a large sum of money in order to regain access to their system. The global cost of ransomware is projected to reach $20 billion by 2021. Every 40 seconds, a business falls victim to one of these attacks.
These attacks commonly follow a data breach like the one experienced at Microsoft. In addition to stealing information from email communications, hackers may also install malicious software into the vulnerable systems. They may then demand payment before they will allow the owner to access their own system. Oftentimes, even if the victim pays, the criminal will still withhold the system or demand more money.
Fortunately, there are several ways that you can increase your organization’s security and prevent ransomware attacks from happening, including:
1.Learn About the Most Recent Trends
Cyberattacks can change rapidly. However, hackers will often use similar processes as they gear up for an attack. For example, Emotet or Trickbot infections are often an early warning sign of an attack by Ryuk. If you spot any early warning signs, run a full compromise assessment to minimize or eliminate damage.
2.Be Careful in the Cloud
While cloud services are becoming increasingly popular, this does not make them impenetrable. Ensure that you have full visibility over cloud services in case attacks are targeting cloud servers.
3.Update All Software
Software patches are often released once security vulnerabilities like those found in Microsoft’s systems are discovered. Set your systems to update automatically so that you always have the latest and most secure systems and software possible.
4.Limit Access
Avoid giving access to sensitive business data to everyone in the organization. Segment the data so that your business is not so vulnerable.
5.Perform Penetration Testing
Have your internet security professionals test out how secure your network is by conducting occasional penetration testing on it. Try to identify any vulnerabilities and correct them before hackers find and exploit them. Make sure that outsider users cannot remotely access your devices.
6.Train Staff
Your staff is your first line of defense against cybersecurity attacks. Train them well on good cybersecurity practices, such as not opening links or attachments from unverified senders.
7.Perform Regular Backups
Ransomware attacks are often successful against businesses that cannot easily recreate the data through a recent backup. Perform daily backups to thwart these attacks.
Conclusion
Microsoft’s attack is just the latest attack of its kind. It is now more important than ever to stay protected and to take all steps to defend your business. Follow the steps above to heighten your security, especially if you were one of the Microsoft attack’s victims.
BIO
David Lukić is an information privacy, security and compliance consultant at IDstrong.com. The passion to make cyber security accessible and interesting has led David to share all the knowledge he has.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behaviour or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
