Most recently, an attack targeting Microsoft Exchange Server users has come to light. Although the attack was detected in early 2021, its impact has been extensive and wide-ranging, with Belgium’s interior ministry announcing in late May that its entire computer system had been accessed by an intruder.
Here is what we know about the attack, how organizations can respond, and how to prepare for future incidents.
In early March, cybersecurity experts uncovered an extensive Microsoft Exchange Server attack that exploited vulnerabilities in Microsoft’s email software. More than 30,000 organizations have been impacted since the attack began in early January, and that number is cited as a conservative estimate.
The impacted organizations were running Microsoft Exchange from on-premises servers. The incident did not affect Microsoft 365 or Azure Cloud.
The attack has been attributed to a Chinese cyber espionage group that aims to steal email from victim organizations. In this attack, the group took advantage of the vulnerabilities in Microsoft’s email software to steal the full contents of user mailboxes.
Once the attack was discovered, Microsoft worked over the next several weeks to release security updates with patches for these vulnerabilities, and it recommends that companies prioritize installing those updates on externally facing Exchange servers. Additionally, a U.S. Cybersecurity and Infrastructure Security Agency (CISA) emergency directive was issued for all federal civilian departments and agencies running vulnerable Microsoft Exchange servers to update the software or disconnect the products from their networks.
Mitigating and assessing damage from this cyber attack should be the top priority for affected organizations and government entities. Once this is managed, it’s critical to re-examine your tech stack and prioritize your next steps to better protect your sensitive data.
Virtru was built to protect sensitive, highly confidential information for governments, businesses, and individuals alike. To learn more about how you can protect your organization’s most important data and prepare yourself to manage future cyber threats, contact Virtru today.
This post was revised on May 27, 2021 to include additional global impacts from the Microsoft Exchange Server attack.