Last week, it was reported that as many as 30,000 governmental and commercial organizations had become compromised in an attack against Microsoft Exchange Server. More recently, this number has doubled to 60,000 known victims globally — many of which appear to be small and medium-sized businesses that depend on the email software. By the time you read this post, it is likely even more organizations will have been affected.
The attack has been attributed to a suspected state-sponsored Chinese hacking group that Microsoft calls “Hafnium.” Of the attack, a former national security official with knowledge of the investigation told Wired, “It’s massive. Absolutely massive … We’re talking thousands of servers compromised per hour, globally.” Another source, who spoke to the publication on condition of anonymity, claimed the number of hacked Exchange servers is over 30,000 in the US alone, with hundreds of thousands of others worldwide.
SolarWinds vs. Microsoft Exchange Server Hack
The SolarWinds breach, which I’ve discussed in a previous blog, was deemed at the beginning of this year to be one of the most sophisticated, complex and damaging attacks of all time. Its organizers ran a silent espionage campaign against specific, high-value targets that lasted well over a year before it was noticed. In contrast, Hafnium cast a wide net when they infiltrated Microsoft Exchange Server systems in early January, hoping to collect whatever information they could get hold of. Hafnium started quietly, but as Microsoft worked to shut down the intrusion the group began exploiting zero-day vulnerabilities in Microsoft’s Outlook Web Access.
Small and Medium-Sized Organizations Targeted
Unlike large enterprise organizations that have already migrated to cloud-based computing, the small and mid-sized organizations mentioned above, which depend on the on-premises product, are likely to come out as the biggest victims of this breach. Anyone running Microsoft Exchange Server is being urged to patch their installations immediately to close the vulnerabilities.
How Phishing Emails Could Make Matters Even Worse
Aside from the obvious risks of data theft and of malware and backdoors being left behind for the attackers to return to later, it’s important to note that these hackers can view the millions of emails organizations have been sending and receiving. Those emails provide intimate insight into each user’s social graph: who they talk to, along with when and how. This is where the risk of increasingly specific and targeted spear phishing emails comes in.
Imagine you have been in regular communication with an individual from another organization. If either of your accounts has been breached, the hackers know exactly what has passed between you. This means they can now compose a convincing email that carries on the natural flow of your conversation. You won’t know that the email you’re anticipating isn’t really from the person you expect it from. All it takes is opening one “invoice” to plant a malicious program on your system and compromise your machine and/or network.
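One defensive check a mail gateway or mailbox rule can apply to the conversation-hijacking scenario above: hold any reply that continues a known thread but whose sender or Reply-To no longer matches the correspondent the thread started with, and that carries an attachment. This is an added example, not code from the original post; the messages, addresses and domains are constructed samples.

```python
"""Heuristic for thread-hijacking spear phishing (added example, constructed data)."""
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a legitimate earlier message, then a "reply" that quotes
# the thread but arrives from a look-alike domain with a divergent Reply-To.
ORIGINAL = """From: Dana Lee <dana@example-partner.com>
To: you@example.org
Message-ID: <thread-1@example-partner.com>
Subject: Q1 contract renewal

Hi, I will send the draft next week.
"""

REPLY = """From: Dana Lee <dana@example-partner.co>
Reply-To: dana.lee@mail-relay.example
To: you@example.org
In-Reply-To: <thread-1@example-partner.com>
Subject: Re: Q1 contract renewal
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Here is the invoice we discussed.
--b1
Content-Type: application/octet-stream; name="invoice.zip"
Content-Disposition: attachment; filename="invoice.zip"

(binary omitted)
--b1--
"""

def thread_index(raw_messages):
    """Map Message-ID -> sender address for mail already seen in the mailbox."""
    idx = {}
    for raw in raw_messages:
        m = message_from_string(raw)
        idx[m["Message-ID"].strip()] = parseaddr(m["From"])[1].lower()
    return idx

def assess_reply(raw, idx):
    """Return identity mismatches, attachment names, and whether to hold the mail."""
    m = message_from_string(raw)
    sender = parseaddr(m["From"])[1].lower()
    mismatches = []
    parent = (m.get("In-Reply-To") or "").strip()
    if parent in idx and idx[parent] != sender:  # thread continued by a new sender
        mismatches.append(f"sender {sender} != thread correspondent {idx[parent]}")
    reply_to = parseaddr(m.get("Reply-To", ""))[1].lower()
    if reply_to and reply_to != sender:  # answers would go somewhere else
        mismatches.append(f"Reply-To {reply_to} != From {sender}")
    names = [p.get_filename() for p in m.walk()
             if p.get_content_disposition() == "attachment"]
    return {"mismatches": mismatches, "attachments": names,
            "hold": bool(mismatches) and bool(names)}
```

If the attacker sends from the genuinely compromised mailbox, every header matches and this check stays silent, which is exactly why the advice below is to stop trusting attachments rather than to trust a filter.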
How to Avoid Falling Victim to the Microsoft Exchange Hack
The reality is that we are going to have emails coming through that look 100 per cent legitimate and can easily fool us into viewing or, even worse, opening attachments.
In the past, I’ve recommended to never open something you’re not expecting and to always check with the sender before proceeding. Now, all these rules have gone out the window. Aside from being extra vigilant, there is sadly no concrete best practice to reference going forward.
My advice: assume that your email has been compromised and conduct your business accordingly. Or, better yet, live in a world where you imagine email attachments no longer exist. Instead, opt to use an alternative method of file sharing such as OneDrive, Teams, Slack or secure file transfer. While sending email attachments is certainly one of the most convenient ways to share files, transferring and receiving data of any sort via email is not secure. If you haven’t read my article on Why It’s Time to Stop Sending Attachments Via Email, I’d recommend it now more than ever.