During the SolarWinds hack at the end of 2020, countless companies experienced vulnerabilities and even data breaches. Microsoft was not a company who believe that the hack impacted users. On March 2, however, another hack took place that targeted information from different groups. Everyone from school districts to departments of the Federal government seem to be at risk in the latest targeting of Microsoft Exchange.
For those who don’t utilize the server, Microsoft Exchange is an email service that delivers mail straight to a server. The internal operations of the service help departments that deal with sensitive information to stay protected. The hack eliminates this luxury, and Microsoft is even saying that patches to address the hack will not be able to banish the hackers from system servers. Let’s explore the full extent of this event and what it means for cybersecurity practices moving forward.
What Happened to Microsoft Exchange?
During the first week of March, Microsoft cybersecurity experts noticed that Chinese hackers had targeted Exchange in order to gain access to email accounts used by various organizations. The service is utilized by countless organizations and departments in the United States and around the world. Exchange exists in numerous “editions,” including 2010, 2013, 2016, and 2019 versions. The hack appears to target every one of these versions, meaning that the code vulnerabilities aren’t new. The hackers’ ability to get into Exchange servers has existed for over 10 years.
The group Microsoft believes is responsible for this hack is called Volexity. The group is believed to operate from China and began this round of hacks sometime in January. Nearly two months after they began, the hacks are believed to be targeting a variety of U.S. entities so far. Everything from defense departments to school systems appears to be in the crosshairs of the hackers. Cloud services from Microsoft like Office 365 do not appear to be vulnerable at this time, which has even more users than Exchange.
How Does the Hack Work?
The hack isn’t all that complicated. The real surprise is how long these vulnerabilities have existed undetected by Microsoft. Hackers appear to have started by simply accessing passwords from users. There’s a chance they didn’t need passwords and were able to override the Exchange encryption by appearing as if they were meant to have access. Either way, the vulnerability is a big one.
Once the hackers had access to a server, they were able to set up a web shell that provided remote access to the server’s data and operations. From here, anything on the server would be fair game to the hackers. Access is the tricky part, but with that being an easy get for the cybercriminals, the real danger now is figuring out which servers are targeted. While patches are going out to help protect all versions of Exchange, Microsoft believes almost 100,000 unpatched servers are still operating across the world.
How Microsoft is Responding to the Exchange Hacks
Microsoft’s only move at this point is to put out patches to protect against these vulnerabilities. They’ve worked around the clock to ensure these patches are available and now are working to communicate with Exchange users about the importance of installing the patches.
The other approach Microsoft will likely begin to take is stressing the importance of security software. While this software is helpful, there are plenty of people who are turning to cloud solutions instead of traditional server-based operations. The cloud offers improved protection against these vulnerabilities and Microsoft’s main competitor, Google, is growing its user base of cloud-based email and computing.
All cloud companies have seen a rise in interest and users since 2020. The COVID-19 pandemic moved many online in a higher capacity than ever before. Because of this, cybercrime rose as thousands moved to digital operations without the necessary protections. For its cost and effectiveness, cloud hosting and security offer the best experience for users who work online.
Servers are still vital to data sharing and organizational operations but they’re functioning much more effectively in the cloud. At the very least, cloud-based computing is proving to be an avenue of interest because of continued hacks of servers and traditional software companies. While the hack might not be effective for every business, it’s certainly making everyone reassess their security measures and explore what cloud computing has to offer.
Contact IT Vortex for any of your Hosted Cloud Services and/or Managed IT Services today!