Cyber Alert – Microsoft Hack
On March 2nd, Microsoft released emergency security patches to address four security vulnerabilities that reportedly were exploited by hackers, impacting over 30,000 U.S. governmental and commercial organizations. According to multiple security experts, tens of thousands of email servers were hacked, and the hackers were able to gain access to e-mail accounts. The vulnerabilities also gave the hackers the ability to install malware that could potentially be used in the future. According to Microsoft, organizations running versions 2010 through 2019 of the Exchange Server were potentially impacted; Exchange Online was not affected.
The severity of this incident cannot be overlooked. In fact, the former director of the U.S. Cybersecurity & Infrastructure Security Agency (CISA), Chris Krebs, tweeted, “this is the real deal. If your organization runs an OWA server exposed to the internet, assume compromise between 02/26-03/30.”
Based upon current information, experts believe the attack was carried out by a Chinese hacking group.
What Should You Do?
Microsoft is working closely with CISA and other government agencies to ensure they provide appropriate guidance and mitigation recommendations to organizations, but the best protection is to apply the emergency security patches immediately. Impacted customers are also encouraged to reach out to Microsoft’s support teams for additional help and resources.
Unfortunately, many organizations may have already been compromised prior to the patching guidance release. Microsoft provided a script on GitHub for organizations to run to test whether their server has been compromised. Indicators of compromise were also provided.
If your organization utilizes Microsoft Exchange you should put your cyber insurance carrier on notice as soon as possible. Although you may not have noticed anything suspicious, it’s better to be safe than sorry. It’s likely we will not know the full impact of this incident for months.