Exchange Server Threats Highlight the Need for Comprehensive Cybersecurity
Microsoft issued emergency security patches for multiple versions of Exchange Server on March 2, 2021. The updates addressed a series of zero-day exploits that compromised hundreds of thousands of on-premises Exchange Servers worldwide. Known collectively as ProxyLogon, the advanced persistent threats (APTs) allow an attacker to open a “backdoor” in Exchange Server that can be accessed from the Internet.
As of March 22, 2021, the Microsoft Security Response Center reported that 92 percent of Exchange Servers had been patched. Unfortunately, the patch does not stop ongoing ProxyLogon attacks on servers that were compromised before the patch was applied.
The Exchange Server exploits illustrate the need for a comprehensive cybersecurity strategy that includes layered security controls and ongoing monitoring. Organizations should also be prepared to respond rapidly if a security threat is detected in their environment.
Advanced Persistent Threat
An APT is an attack that gains access to a computer system or network and remains undetected for a long period of time. The attacker is often a nation-state or a state-sponsored group. According to the Microsoft Threat Intelligence Center, the Chinese state-sponsored group HAFNIUM is responsible for the ProxyLogon attacks, although other cybercriminals have also been taking advantage of the exploit.
On Dec. 10, 2020, a security researcher discovered a vulnerability in Exchange Server that allows a hacker to bypass authentication and gain administrator-level privileges. From that point, an attacker can run commands and upload files to the server.
As a result, cybercriminals have used the ProxyLogon APTs to access email accounts and data, install malicious web shells that enable remote control of the server, and launch ransomware attacks. Additionally, automated attack scripts were made publicly available, meaning that even unskilled cybercriminals could gain remote access to a compromised Exchange Server.
Cybersecurity experts warn that applying the patch is similar to closing and locking a door. It does nothing to stop a criminal who is already inside.
How GDS Can Help with Cybersecurity Threats
GDS delivers a suite of cybersecurity solutions and services that can protect organizations from APTs. It all begins with Advanced Infrastructure Security, which combines deep packet inspection, intrusion prevention and content filtering to identify and block malicious network traffic. But this solution does not end with perimeter security. It continuously monitors activity around the clock to identify anomalies that could point to a zero-day exploit or unknown malware.
Our Advanced Infrastructure Security solution works in concert with the other tools in our cybersecurity arsenal:
- Email security that blocks phishing, malware and ransomware, and stops blended attacks that combine multiple threat vectors.
- Web security that detects malicious web content, controls the use of unapproved applications and prevents data leakage.
- End-user security that protects remote and mobile users and actively monitors endpoint devices to detect and mitigate threats.
All GDS security solutions are monitored and managed 24x7 by the expert team in our Network Operations Centers. We handle the administration of security tools and act quickly to mitigate any threats that are detected.
GDS also provides managed infrastructure services to keep your environment up to date. We will ensure that patches are applied promptly, further reducing the risk that your systems will be attacked.
What to Do Next
If you have on-premises Exchange Server, we encourage you to contact GDS right away for a confidential consultation, even if you’ve applied the emergency patch. We may recommend a thorough security assessment to determine whether your system has been compromised or whether there are active threats in your environment.
It’s also important to remember that on-premises Exchange Server is just one of many potential attack vectors that cybercriminals are exploiting. GDS can help you develop a cybersecurity strategy that protects all of your systems from the latest threats.
Benefits of Managed IT Services from Global Data Systems
- Strategic Managed IT: We help you solve your technology-related business problems.
- Connectivity: We get you reliable, secure connectivity anywhere in the western hemisphere in 48 hours.
- Support: When you need help, simply call our 24x7x365 support number.
- Billing: Instead of managing hundreds of vendors, get one easy-to-read bill from GDS.