A few months back, Microsoft noticed some bugs in their exchange servers, along with other security issues. These vulnerabilities were actively being exploited in targeted attacks. These attacks were increasing each day that went by and will continue to increase until all vulnerabilities have been patched. These attacks have impacted hundreds of thousands of organizations worldwide. The hackers are said to have gotten into the servers through stolen passwords or vulnerabilities previously unknown.
For those who are unfamiliar or don’t use exchange servers, Microsoft exchange is a server that hosts email inboxes, calendars, and collaboration tools. These tools are used by big corporations and small businesses alike. Generally, Microsoft will release patches on the second Tuesday of each month, referred to as Patch Tuesday. Since Microsoft was made aware of the attacks, they released patches before their normal schedule because of the urgency. They also released patches for the 2010 edition of Exchange even though Microsoft stopped support for it. This draws the conclusion that the vulnerabilities being exploited have been in the Microsoft Exchange servers for a while. Microsoft has also been working with CISA and other agencies to protect their customers’ servers. Even with the patches that Microsoft released to fix the holes in their customer’s servers, that still doesn’t expel the attackers from the servers. That leaves organizations open to further exploitation.
Recently the FBI got involved and have started to remove the malicious web shells left behind by that hackers as a sort of “back door” into people’s servers. These web shells are placed into existing vulnerabilities in order to give the hackers administration privileges, even after systems are updated. Companies need to work to update their systems in order to avoid being exploited and having web shells in their servers. Once you have updated your system, that is when the FBI can help and remove what is left of the cyber criminal’s back door.
What can I do to avoid these cyber-attacks?
Now, you may be wondering how do you keep this from happening in the first place? The answer is simple, keep your systems up to date. By keeping your systems up to date this can remove the possibility of open vulnerabilities just waiting for cybercriminals to find. Once the vulnerabilities are found those hackers will be sure to exploit it for there own personal gain and that means trouble for your company. It also helps to have a Managed Service Provider (MSP) on your side for good measure. An MSP like Machado Consulting takes all the stress away from solving your problems and helps to save you time and money by using preventative measures to help keep your company and data safe from attacks.
