Security analysts are calling it a wake-up call – the news from Microsoft on March 2 couldn't be more alarming:
Attacks targeting unpatched Exchange systems by multiple malicious actors…
…using vulnerabilities to access on-premises Exchange servers…
…allowing the installation of malware…
Last week’s announcement of widespread vulnerabilities in on-premises Exchange servers will mark one of the largest cybersecurity events of the year, if not the decade. Estimates are that up to 60,000 systems across industries worldwide could have fallen victim to this attack, which was believed to have been carried out by HAFNIUM, a Chinese state-sponsored group commonly targeting vulnerabilities in internet-facing servers. For companies still running on-premises Exchange servers, it’s hardly comforting to learn that Exchange Online wasn’t affected. But it also presents an opportunity to re-think how your company is managing email.
Patch now and plan for the future
This situation has required urgent action – every IT manager and MSP still relying on Exchange servers should have immediately dropped everything to update their on-prem installations to protect against these exploits. Unfortunately, the available mitigations won’t protect Exchange servers that have already been accessed. Microsoft has issued additional guidance around evaluating your servers to ensure they have not been compromised with additional malware such as web shells. After your organisation has applied these updates and verified (hopefully) no breach was sustained, now is a good time to work with your MSP or data security team to make a change.
It’s time to get real about the next attack. It’s not a matter of if but when the next vulnerability will be discovered and exploited. There’s a lot to think about – planning for the next breach when you’re still in the middle of your incident response strategy and reporting for this one. But there’s no reason to be fatalistic. Even though bad actors will continue to test the fences, you shouldn’t accept vulnerability as a fact of life.
Why there’s safety in the cloud
If you’ve been talking about moving your organisation’s email to the cloud, now you’ve got another very big reason. Again, even though this newly-discovered Exchange vulnerability was huge, organisations already using Exchange Online were safe. That means IT managers who’ve already migrated were able to sleep right through the wake-up call. They’ve got the benefits of email in the cloud:
- Automated patching and security management – Cloud environments undergo consistent, centralised patching and security administration on a schedule that minimises disruption and delivers faster updates to ensure protection against such threats.
- Resilience to more sophisticated threats – These sorts of attacks will likely grow in frequency and technical depth as malicious actors look to take advantage of other undiscovered loopholes. Cloud environments invest in highly resilient layered defenses that create multiple barriers for these attackers, as well as better authentication protocols to prevent access.
- Top cybersecurity pros – Cloud providers commonly attract the best security professionals and keep their skills sharp. MSPs and internal IT teams, when possible, should leverage the capabilities and knowledge of these teams by trusting them and their cloud-based systems.
- More functionality – In addition to all the security advantages, Exchange Online has more functionality than its on-premises counterpart, allowing companies to take advantage of the complete Microsoft 365 ecosystem of applications.
Plan your move to the cloud today
Yes, you could argue that taking steps now to secure your email with Exchange Online is the classic case of closing the barn door after the horse has run off. Even if you were lucky this time and you found your particular server was unaffected, there will be more incidents in the future. Designing a plan now for a fast and secure migration to Exchange Online will allow you the peace of mind that your – or your customer’s – data is safe in the cloud.
At BitTitan, we want to help. For more than a decade we’ve been helping companies move to the cloud for all the reasons outlined here, helping them increase productivity and security with Microsoft 365. If you or your organisation has been affected by this attack, contact us today to see how we can help you transition to a safer, more productive workspace in the cloud.