Why You Should Upgrade To Microsoft 365 Exchange Online

Executive Summary:

On January 3rd, 2021, it was discovered that a Chinese state-sponsored hacking group was compromising on-premises Exchange email servers worldwide. The attack allowed them to steal entire mailboxes and gain full control of the servers. Four separate vulnerabilities were found that affect Exchange Server 2013, 2016, and 2019. The biggest problem facing on-premises systems is that the organization itself is responsible for building and maintaining the security architecture around them. Office 365, powered by Exchange Online, offers automated methods to scan company email, SharePoint, OneDrive, and Teams data for sensitive information and auto-apply encryption labels.

Background:

On January 3rd, 2021, it was discovered that a Chinese state-sponsored hacking group, HAFNIUM, was compromising on-premises Exchange email servers worldwide in a manner that allowed them to steal entire mailboxes and gain full control of the servers.  Global cyber-security firms and the US Defense Department have reported that although the attacks were careful and targeted back in January, by February 26th (before patches were released) at least 10 known groups, mostly government-backed cyber-espionage teams, had begun running the same campaign indiscriminately against rival governments and companies across the planet.  Once Microsoft made its public announcement, still more groups joined in.

The cyber-security firm ESET released findings that it alone had detected thousands of compromised servers in over 115 countries.  Collectively, security firms estimate that tens, if not hundreds, of thousands of Exchange servers worldwide were, and in many cases still are, compromised by this attack.  If your Exchange system was compromised, the security patches do not undo the damage: they close the vulnerabilities but do not remove anything the attackers left behind, and in many cases the exploit also leaves a backdoor open that lets other hacking groups into your network.  If your system was compromised, an incident response team will need to evaluate the entire server environment to assess the breadth of the damage, since depending on your network configuration this particular attack has the potential to undermine any semblance of cyber-security within an organization.

How the hack occurred:

These hacking groups exploited four separate vulnerabilities that affect Exchange Server 2013, 2016, and 2019.  These vulnerabilities allow attackers to gain full control of an on-premises email system.  Microsoft was first made aware of them in January and developed and released security patches in early March, but compromised systems are not remediated by the updates: if your system was compromised before patching, the updates alone do not evict the adversary from your email server.  Palo Alto Networks has stated that as of March 10th, over 125,000 servers worldwide were still vulnerable to attack.  And even if you install the security updates Microsoft has released, if your system was compromised, the attackers will still have full access to your systems if malware was deployed.  Sean Koessel, vice president at Volexity, one of the security firms that helped discover the attack, stated, “The best case is espionage – someone who just wants to steal your data.  The worst case is ransomware getting in and deploying it across the entire network.”  What makes this attack so reckless is that it leaves exposed web shells on compromised systems, which open the door for other hackers to access these networks; that in turn opens the door to ransomware actors, who, without proper backup systems in place, can cripple and in many cases bankrupt companies.
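Because patching alone does not remove a web shell that is already on the server, the first thing an administrator should do after updating is look for one. The following is an added triage script, not code from the original post or from Microsoft: it sweeps the directories Microsoft's public HAFNIUM guidance names as common web-shell drop locations for web-accessible script files created or modified since the start of 2021, and then prints the Exchange build so it can be compared against Microsoft's table of patched builds. The Exchange install path is an assumption (the default) and should be adjusted for your server; a hit is a lead for incident response, not a verdict, and an empty result is not proof of a clean system.

```powershell
# Added example (not from the original post): quick web-shell triage for an
# on-premises Exchange 2013/2016/2019 server after the 2021 attacks.
# Run from an elevated Exchange Management Shell on the server itself.

# Assumed default install path; adjust if Exchange was installed elsewhere.
$exchangeRoot = Join-Path $env:ProgramFiles 'Microsoft\Exchange Server\V15'

# Directories named in Microsoft's public guidance as common web-shell locations.
$suspectDirs = @(
    (Join-Path $exchangeRoot 'FrontEnd\HttpProxy\owa\auth'),
    'C:\inetpub\wwwroot\aspnet_client',
    'C:\inetpub\wwwroot\aspnet_client\system_web'
)

# Anything written after this date is worth a look. Note that installing the
# March 2021 security update also touches files under owa\auth, so compare any
# hit against the file list of a known-good server before drawing conclusions.
$since = Get-Date '2021-01-01'

$findings = foreach ($dir in $suspectDirs) {
    if (-not (Test-Path $dir)) { continue }
    Get-ChildItem -Path $dir -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.aspx', '.ashx', '.asmx' } |
        Where-Object { $_.CreationTime -ge $since -or $_.LastWriteTime -ge $since } |
        Select-Object FullName, CreationTime, LastWriteTime, Length
}

if ($findings) {
    Write-Warning 'Recently written web-accessible script files found. Preserve them (do not delete) and hand off to incident response:'
    $findings | Format-Table -AutoSize
} else {
    Write-Output 'No recently written .aspx/.ashx/.asmx files in the common drop directories (not proof of a clean system).'
}

# Confirm the server is actually patched: the security update raises the build
# number. Compare FileVersion against Microsoft's published Exchange build table.
Get-Command ExSetup.exe -ErrorAction SilentlyContinue |
    ForEach-Object { $_.FileVersionInfo } |
    Select-Object FileVersion, ProductVersion
```

Anything this turns up should be preserved for forensic analysis rather than deleted, since the file itself, its timestamps and the IIS logs around it are what an incident response team needs to work out what else the attacker did.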

Solution:

Migrate to Exchange Online. Office 365’s Exchange Online was not impacted by this attack.  Exchange Online is operated and patched by Microsoft itself and is the company’s primary email product.  On-premises Exchange is maintained as a legacy product, typically for large organizations that haven’t yet made the move to the cloud.  But many organizations are migrating to Exchange Online for many reasons, security being one of them.

Microsoft is the largest cyber-security company that no-one talks about, and its cloud infrastructure is its primary offering.  The biggest problem facing on-premises systems is that the organization itself is responsible for developing and maintaining the security architecture around them.  Microsoft spends billions to continuously upgrade the security practices of its cloud-hosted infrastructure.  In a world where state-sponsored threat actors are abundant, well funded, and highly motivated to carry out continuous cyber-attacks, the safest place to house your company’s data is a data center operated by a company with the resources to safeguard against attacks like these.

Apply Office 365 automated security to your data:

If your mailbox were stolen, wouldn’t it be nice to know that the thieves still could not read your sensitive information, even with the mailbox in their hands?  Office 365 offers automated methods to scan all company email, SharePoint, OneDrive, and Teams data for sensitive information and to auto-apply encryption labels.  This makes it possible to automate data classification and apply safeguards so that if data leaks outside of the organization, it is rendered unreadable.  Note that encryption is applied only to content that matches the classification rules you configure, so those rules need to be tuned and tested before they are enforced.
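What "auto-apply encryption labels" looks like in practice is an auto-labeling policy plus a matching rule. The script below is an added example written for this page, not code from the original post or from Microsoft: it creates a policy covering Exchange Online, SharePoint and OneDrive (Teams files live in SharePoint and OneDrive and are covered there) and a rule that matches built-in sensitive information types. The label name and policy name are assumptions; the sensitivity label must already exist and be configured to apply encryption. The policy starts in simulation mode so that nothing is encrypted until the matches have been reviewed.

```powershell
# Added example (not from the original post): auto-apply an encrypting
# sensitivity label to content containing credit card or U.S. SSN data.
# Requires the ExchangeOnlineManagement module and a Microsoft 365 admin
# with compliance permissions.

Import-Module ExchangeOnlineManagement
Connect-IPPSSession     # Security & Compliance PowerShell; prompts for credentials

$labelName  = 'Confidential - Encrypted'                # assumed: an existing label with encryption enabled
$policyName = 'Auto-encrypt financial and PII data'     # assumed policy name

# Policy: which workloads to scan. TestWithoutNotifications is simulation mode;
# matches are reported in the compliance portal but no label is applied yet.
New-AutoSensitivityLabelPolicy -Name $policyName `
    -ApplySensitivityLabel $labelName `
    -ExchangeLocation All `
    -SharePointLocation All `
    -OneDriveLocation All `
    -Mode TestWithoutNotifications

# Rule: what counts as sensitive. Built-in sensitive information types are
# referenced by name; minCount keeps a single incidental number from
# triggering encryption of an otherwise harmless document.
New-AutoSensitivityLabelRule -Policy $policyName `
    -Name "$policyName - rule" `
    -ContentContainsSensitiveInformation @(
        @{ Name = 'Credit Card Number';                minCount = '2' },
        @{ Name = 'U.S. Social Security Number (SSN)'; minCount = '1' }
    )

# Review the simulation results in the compliance portal first, then enforce:
# Set-AutoSensitivityLabelPolicy -Identity $policyName -Mode Enable
```

Running in simulation first matters: an over-broad rule that encrypts the wrong content breaks legitimate sharing and generates help-desk load, while an under-broad one leaves exactly the data the post is worried about in the clear.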

Microsoft 365 For Security

  • Advanced Threat Protection
  • Anti-Phishing
  • Anti-Malware
  • Safe Links
  • Anti-Spam
  • Email Notification
  • Harden Your Company's Security
