
Microsoft Exchange mass cyber-attack: Time to enhance cyber security infrastructure is now

ohit KVN
Last Updated : 10 March 2021, 13:47 IST


Earlier in the month, several zero-day vulnerabilities were detected in Microsoft's popular Exchange mail server service for enterprises.

After learning of the vulnerabilities, highly skilled bad actors, understood to be the China-based Hafnium group, actively exploited four zero-day vulnerabilities in Exchange Server, affecting millions of Microsoft clients around the world.

Using these security loopholes, cybercriminals created backdoor entry into the networks of Microsoft's corporate clients to inject malware and ransomware and to steal patented technical documents, trade secrets, and other sensitive information.

Most of the victims are small and mid-size corporate companies around the world. It is believed that more than 60,000 private companies and nine government agencies in the US alone fell victim to the attack, though the Redmond-based company attributes this to another SolarWinds Corp-related cyberattack episode carried out by a Russian group a few months ago.

Time to get serious about enhancing cybersecurity infrastructure

Microsoft has released security patches for the four critical zero-day Common Vulnerabilities and Exposures (CVEs): CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065. All clients of Microsoft Exchange server service are advised to upgrade their systems with the new update at the earliest.

Though this is good news, the threat of a new cyber-attack using undetected vulnerabilities still persists, and even Microsoft admits it. The company has opened a couple of pages listing indicators of compromise for individuals and security companies to assist in stopping future attacks.

"Microsoft continues to see multiple actors taking advantage of unpatched systems to attack organizations with on-premises Exchange Server. To aid defenders in investigating these attacks where Microsoft security products and tooling may not be deployed, we are releasing a feed of observed indicators of compromise (IOCs). The feed of malware hashes and known malicious file paths observed in related attacks is available in both JSON and CSV formats at the below GitHub links. This information is being shared as TLP:WHITE: JSON format (here) and CSV format (here)," the company said.

"Microsoft's recent alert requires all companies using Exchange email servers to immediately update the patch. These new vulnerabilities in one of Microsoft's most popular services have been exploited by what appears to be an advanced cybercriminal group for months. In Check Point's recent Security 2020 report we showed that 83% of all attack vectors were email-based, and some of the world's most significant cyberattacks occurred in environments like this: vulnerabilities are found in popular platforms, a patch is created but is not automatic, and in this interim period between a patch and an upload, cybercriminals attack," noted Lotem Finkelsteen, director of Threat Intelligence at Check Point.

"Companies should update the patch immediately or use virtual patching technologies such as IPS to minimise these risks. It is important to note that this attack is relevant to all businesses using Outlook, but not to individuals/consumers. It is a server issue that the cyber attackers exploited," Finkelsteen noted.

With remote working becoming the new normal, hackers have a higher success rate in duping corporate employees into installing a malware-laced mobile app or in phishing them via email. It is high time companies started investing more resources and cash in developing a robust security screening protocol.

A company's system admins should routinely check for suspicious activity on their computer network and also educate employees on best practices to avoid falling prey to phishing attacks. This helps in detecting threats early and nipping them in the bud before they cause any massive damage.

"The 'new norm' workspace has expanded the organization’s perimeter. Business data continually transfers between Bring-Your-Own-Devices, SaaS applications, and running on multi-cloud environments. With remote work as the new standard, employees are more prone to careless behavior and non-compliance to corporate policies. The organization’s attack surface has become wider, now more than ever. Modern organizations need to recalibrate their cybersecurity approach around three main elements: Securing their corporate networks and data centers, securing cloud environments, and lastly, securing employees – wherever they are," Check Point Software Technology said to DH.

Here are some tips offered by Check Point to corporate employees to thwart cyber threats:

---Be cautious with emails and files received from unknown senders, especially if they prompt for a certain action you would not usually do.

---Ensure you are ordering goods from an authentic source. One way to do this is NOT to click on promotional links in emails, and instead Google your desired retailer and click the link from the Google results page.

---Beware of “special” offers. “An exclusive cure for Coronavirus for $150” is usually not a reliable or trustworthy purchase opportunity but most likely fraud. At this point of time, there is no cure for the coronavirus and even if there was, it definitely would not be offered to you via email.

---Beware of lookalike domains, spelling errors in emails or websites, and unfamiliar email senders.

Published 10 March 2021, 06:39 IST
