According to the AP, on Monday, July 19, 2021, the Biden administration and Western allies formally blamed China for a massive hack of Microsoft Exchange email server software that occurred earlier this year. The broad range of cyberthreats from Beijing included ransomware attacks from government-affiliated hackers that have targeted victims — including in the U.S. — with demands for millions of dollars.
Cybercriminals could possibly gain access to Exchange servers, which gives them free rein to thousands of email accounts and the ability to easily install malware that acts as a kind of “doorstop” — hackers holding the door open to ensure long-term access to the data they are exploiting.
This catastrophic data breach could affect thousands, many of whom don’t even know they’re at risk.
Exchange’s popularity makes it a rich target for cybercriminals
According to The Wall Street Journal, as many as 250,000 Microsoft customers may have fallen victim to the Exchange Server breach. Most of those affected have little information of value, but the hackers likely gained access to some sensitive intelligence data.
Patching is the first step to protecting against damage of this breach. Microsoft has urged IT administrators and customers to apply the security fixes immediately. Though software patches prevent new access, they do nothing to address established web shells. Hackers with existing remote access are still set up to spear phish at will.
An advisory from the FBI, the National Security Agency and the Cybersecurity and Infrastructure Security Agency laid out specific techniques and ways that businesses can protect themselves.
General mitigations outlined include:
- Prompt patching
- Enhanced monitoring of network traffic, email, and endpoint systems
- The use of protection capabilities, such as an antivirus and strong authentication, to stop malicious activity
We’ll go one step further and recommend security awareness and phishing training/testing to help strengthen your human cybersecurity shield.
ACE IT Solutions cybersecurity experts stay on top of the latest security exploits to keep our clients’ networks and data secure and protected. Our robust security program is designed to give you peace of mind that your business’ important assets will not fall into the hands of hackers.
Contact ACE IT Solutions at 646.558.6358 to schedule a complimentary cybersecurity assessment. We will assess your systems to discover gaps in your cybersecurity program, to ensure you can prevent and recover quickly from disruptions. We can also help you put in place essential security measures, including security awareness training, to be sure you are doing everything you can to protect your business and ensure continuity.