Some data breaches are small and localized, while others have a global impact because they target a system that many companies use.
This is the case with the recent hack of tens of thousands of Microsoft Exchange Servers around the world. It’s estimated that approximately 250,000 organizations, including small and large businesses and governments, may have been impacted.
And many are still being impacted because they haven’t yet installed the security patches released by Microsoft to combat the issue. Many of these are small and medium businesses, whom hackers often target because they tend to have less security for their on-premises servers than large corporations.
Microsoft issued patches for the following impacted products:
- Microsoft Exchange Server 2010 (Service Pack 3)
- Exchange Server 2013
- Exchange Server 2016
- Exchange Server 2019
What’s at risk with this hack?
Using four different exploits, hackers can take over a company’s server that is running Microsoft Exchange by editing admin permissions, rewriting file paths, and executing code.
Any data on your Exchange Server, including email, is subject to compromise if you’re a victim.
What You Need to Know About the Hafnium Hack
Why is this compromise being called “Hafnium?” Because the group that first found the Exchange Server vulnerabilities is a known state-sponsored threat actor called Hafnium. This group operates from China and has perpetrated large-scale hacks in the past.
In the timeline of events, this particular issue got big fast. Once the Hafnium group caught wind of Microsoft working on patches to block the vulnerabilities the group had uncovered, the exploit got out to multiple other groups. These hackers all had a “free for all” and tried to hack as many Exchange Servers as they could before the Microsoft patches for Exchange Server could be released.
Timeline of Events for the Exchange Server Breach:
- December 2020: DevCore, a firm based in Taipei City that hunts security flaws, found bugs impacting the Exchange business email software.
- January 2021: Not a month later, two cybersecurity firms had customers whose Microsoft Exchange Servers were behaving strangely.
- February 2021: Microsoft noted to security providers that it was working on a patch for these newly found vulnerabilities on Exchange Server.
- March 2, 2021: Microsoft names Hafnium as the threat actor that’s been launching attacks on Exchange Server and releases multiple software patches to fix the vulnerabilities.
- March 16, 2021: Microsoft releases guidance to those who may have been hacked.
- March 19-22, 2021: More attacks are being reported relating to the vulnerabilities found from the Hafnium hack. One relates to a REvil ransomware attack against Acer, and another type of ransomware called “Black Kingdom” is also infecting servers using the Microsoft Exchange Server vulnerabilities.
Am I Still Vulnerable?
Microsoft notes that you could still be vulnerable even if you’ve applied its security patches for Exchange Server. This is because the patches keep someone new from exploiting those vulnerabilities to gain access to your server. However, if they already gained access before you applied the patch, they can still be in your system.
Why It’s Time to Consider a Move to Microsoft 365
There are advantages to running your own on-premises Microsoft Exchange Server. But, with the increase in cybercrime and costs for keeping servers secure, the disadvantages are starting to outweigh the advantages.
In this Hafnium hack, the businesses that weren’t impacted were those using Microsoft 365 for their email. Exchange Online was not impacted by this breach and did not have the vulnerabilities that the Exchange Server had.
Microsoft 365 allows you to use your business domain email and use its cloud server to administer your email accounts. This is proving to be more secure than trying to host email yourself with an on-premises server.
According to the Verizon Data Breach Investigation Report (DBIR), of the data breaches that occurred in 2019:
- 70% were breaches of on-premises assets
- 24% were breaches of cloud assets
Here are some of the advantages of moving from a Microsoft Exchange Server to Microsoft 365 for your business email.
The reason on-premises assets are breached nearly 3x as much as cloud assets is that companies like Microsoft, Google, and others spend millions on cybersecurity to ensure the servers hosting those cloud assets are completely secure.
When you’re running your own on-premises server, hackers have multiple ways to get into your network and server, and unless you’re an expert, it’s hard to keep up with them.
When you run a server, you must keep it maintained both from a software and hardware perspective. This means ongoing administrative costs.
You don’t have those types of costs when you use Microsoft 365 and have your email hosted in the cloud through Exchange Online. Everything is taken care of for you and you always have the most updated version of the software.
Better Business Continuity
If something happens to your physical office space where your Exchange Server is located, then you could end up losing your ability to send and receive email for several hours or days.
Using cloud business email helps ensure business continuity because your email and account administration can be accessed from any location. Microsoft also has redundancies that ensure uptime for customers.
Get Help Migrating Your Email to M365
Rocky Knoll Technologies can help your Charlotte area business with smooth email migration to Microsoft 365 for better security and availability.
Contact us today to schedule a free consultation. Call 704.594.7292 or reach us online.