On Mar. 5, 2021, KrebsOnSecurity broke the news that at least 30,000 organizations and hundreds of thousands globally had been hacked. The same sources who shared those figures say the victim list has grown considerably since then, with many victims compromised by multiple cybercrime groups.
Hackers found four separate security holes in Exchange Server that they used to siphon email communications from Internet-facing systems running Exchange. According to Microsoft officials, hackers have been using all four flaws as part of a complex attack committed by a Chinese cyber espionage group. The group has used the security vulnerabilities to plunder emails.
Through the security flaws, the hackers were able to exploit vulnerable Exchange Servers that were directly exposed to the internet. This allowed them to read an organization’s email and export information to a file-sharing site. Hackers may then use this information to commit phishing or ransomware attacks. They may also use software backdoors to steal more data or perform malicious actions that further compromise the organization’s data.
The Chinese espionage group has been known to target entities in the United States, including:
- Higher education institutions
- Defense contractors
- Law firms
- Infectious disease researchers
- Non-governmental organizations
How Microsoft Responded to the Attack
On March 2, Microsoft released emergency security updates to plug the four security holes in Exchange Server versions 2013 through 2019 on Internet-facing systems running Exchange.
Dangers of Ransomware Attacks Following the Data Breach
Ransomware is malicious software that typically infects a computer and encrypts all of the data on it so that the owner cannot access their system. There may be a message that says that the owner must immediately pay a large sum of money in order to regain access to their system. The global cost of ransomware is projected to reach $20 billion by 2021. Every 40 seconds, a business falls victim to one of these attacks.
These attacks commonly follow a data breach like the one experienced at Microsoft. In addition to stealing information from email communications, hackers may also install malicious software into the vulnerable systems. They may then demand payment before they will allow the owner to access their own system. Oftentimes, even if the victim pays, the criminal will still withhold the system or demand more money.
Ways to Protect Yourself from Ransomware Attacks
Fortunately, there are several ways that you can increase your organization’s security and prevent ransomware attacks from happening, including:
1. Learn About the Most Recent Trends
Cyberattacks can change rapidly. However, hackers will often use similar processes as they gear up for an attack. For example, Emotet or Trickbot infections are often an early warning sign of an attack by Ryuk. If you spot any early warning signs, run a full compromise assessment to minimize or eliminate damage.
2. Be Careful in the Cloud
While cloud services are becoming increasingly popular, this does not make them impenetrable. Ensure that you have full visibility over cloud services in case attacks are targeting cloud servers.
3. Update All Software
Software patches are often released once security vulnerabilities like those found in Microsoft’s systems are discovered. Set your systems to update automatically so that you always have the latest and most secure systems and software possible.
4. Limit Access
Avoid giving access to sensitive business data to everyone in the organization. Segment the data so that your business is not so vulnerable.
5. Perform Penetration Testing
Have your internet security professionals test how secure your network is by conducting occasional penetration testing on it. Try to identify any vulnerabilities and correct them before hackers find and exploit them. Make sure that outside users cannot remotely access your devices.
6. Train Staff
Your staff is your first line of defense against cybersecurity attacks. Train them well on good cybersecurity practices, such as not opening links or attachments from unverified senders.
7. Perform Regular Backups
Ransomware attacks are often successful against businesses that cannot easily recreate the data through a recent backup. Perform daily backups to thwart these attacks.
Microsoft’s attack is just the latest attack of its kind. It is now more important than ever to stay protected and to take all steps to defend your business. Follow the steps above to heighten your security, especially if you were one of the Microsoft attack’s victims.
David Lukić is an information privacy, security and compliance consultant at IDstrong.com. The passion to make cyber security accessible and interesting has led David to share all the knowledge he has.