Cyber security threats are hitting major US companies. We are seeing it more and more…
Major US companies are being hacked regularly. While many have been dealing with this issue for years, the campaigns for cyber hacks have become more aggressive.
This is why we are launching a series called “Cyber Hacked Stories”.
In this issue of “Cyber Hacked Stories”, we look at the recent cyber security breach on Microsoft’s Exchange Server. Microsoft is a major organization that is trusted by many businesses, large and small.
With the reliance on more remote work and remote access to systems, Microsoft products have been the cornerstone of keeping teams connected. How is that increasing your business’s exposure?
Read on to learn more about the aggressive cyber campaign targeted at Microsoft’s email service. Plus, we have some tips to help you limit your ransomware exposure if you are using Microsoft’s Remote Desk Protocol.
Cyber Hacked Stories: Microsoft Email Service Hacked in Aggressive Cyber Campaign
Tens of thousands of organizations around the world using Microsoft’s Exchange Server have been compromised by a cyber campaign suspected to have ties to China. This campaign exploited software vulnerabilities to seize control of systems and steal data, according to researchers.
Security researchers at Volexity first detected the hack in January 2021, according to Microsoft. Volexity has provided a full overview of the technical details on its website. FireEye’s Mandiant also reported evidence that the campaign hit U.S. retailers, local governments, a university and an engineering firm. Cybersecurity blogger Brian Krebs reported at least 30,000 U.S. organizations could be affected, among them being small businesses and municipalities.
In a blog post, Microsoft researchers detailed the recent exploits of a highly skilled and sophisticated threat actor they call Hafnium. The threat actors were able to infiltrate Microsoft’s Exchange Server software using stolen credentials or zero-day vulnerabilities. They could then create web shells with administrative access, allowing the bad actors to steal data or control systems remotely.
According to Microsoft, the group typically targets U.S. entities, especially infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and other nongovernmental organizations.
Microsoft issued emergency security updates to protect Exchange Server customers. It should be noted that the hack is not related to the recent SolarWinds supply chain attack. Multiple security researchers reported that, after Microsoft issued its patch, hackers seemed to have kicked the hacking campaign into overdrive to access as many unpatched systems as possible.
The federal Cybersecurity and Infrastructure Security (CISA) issued an alert to help organizations determine whether they may have been compromised.
On Twitter, former CISA head Christopher Krebs called the event a huge hack, adding that the affected parties dwarf the already-high reported numbers. Any organization using Outlook Web Access should be checking whether it has been compromised, according to Krebs.
“[The compromise] is going to disproportionately impact those that can least afford it,” Krebs said in a Tweet. “Incident response teams are burned out, and this is at a really bad time. Few organizations should be running exchange servers these days.”
Hacking the email systems of hundreds of thousands of organizations could not only lead to intellectual property theft but could also give rise to data breaches, business email compromise attacks, funds transfer fraud and other risks that would trigger insurance policies that cover cyber events. Having built backdoors into countless systems, the malicious actors can also come and go freely unless detected and locked out quickly, making patching and quick remediation essential.
The event comes at a time when federal lawmakers have been advised to quickly streamline the process of sharing threat information between the government, security firms and the private sector. A recent Senate hearing revealed some willingness on the part of lawmakers to move toward mandatory breach reporting with possibly liability protections for breached parties.
Lessons from the Cyber Hack Series
Now is the time to protect yourself, your business, and your employees. If you use Remote desk protocol, then here are some steps for limiting your exposure to ransomware
How to Limit Ransomware Exposures From Remote Desk Protocol
Remote desk protocol (RDP)—which is a network communications protocol developed by Microsoft—consists of a digital interface that allows users to connect remotely to other servers or devices.
Unfortunately, RDP ports are frequently being leveraged for launching ransomware attacks. In fact, a recent report from Kaspersky found that nearly 1.3 million RDP-based cyberattacks occur each day, with RDP reigning as the top attack vector for ransomware incidents.
Don’t let RDP cause a ransomware incident at your organization. Review these tips for minimizing the likelihood of such an incident:
- Close your port. RDP-based ransomware attacks usually stem from organizations leaving their RDP ports exposed to the internet. As such, always keep your RDP port closed to the internet.
- Establish a virtual private network (VPN). A VPN will allow employees to securely access your RDP port, while also making the port harder for cybercriminals to locate online.
- Bolster your software. Ensure all workplace technology is equipped with top-rated security software to help deter attempted attacks.
- Restrict access. Be sure to uphold the principle of least privilege by only providing employees with RDP port access if they absolutely need it to conduct their work tasks.
LEARN MORE ABOUT OUR SERVICES
(home, auto, boat, motorcycle, umbrella coverage, and more)
(business liability, cyber, E&O, property, worker's comp, and more)
(health, life, dental, vision, and more)