Why You Should Stop using a Microsoft Exchange Server


Some of us like taking risks.

We need that adrenaline.

In business, though, risk is something to be evaluated carefully. If excitement is what you are seeking, go for Texas gambling instead and treat yourself to a break of pure entertainment. 🙂

When you are done, come back to the office, and let’s talk server security. In case you are using Microsoft Exchange, and you have opted for running your own server “on-premises”, you are in danger!

Have you ever heard about Hafnium?


No, not the chemical element with the symbol Hf and atomic number 72.

We are talking about a Chinese hacker group, “assessed to be state-sponsored”, as Microsoft states on its website.

Who are Hafnium Hackers?

Microsoft asks the same question but cannot really answer: “Hafnium primarily targets entities in the United States across a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs.”

Whoever they are, they are up to no good.

Breaches against Microsoft Exchange

A first round of breaches against Microsoft Exchange was noticed when Hafnium dropped web shells onto servers at a noticeable rate on February 27th and 28th. Later, TrustedSec discovered that very few of the available targets were actually hacked.


Hafnium installed the web shells on a small number of the servers that it visited and scanned for vulnerabilities in those two days.


The second round followed on March 2nd and 3rd, when the attackers returned to the addresses that they had found vulnerable to drop a web shell so they could get back in later.

This might explain why the patches released by Microsoft did not solve the problem. Microsoft patched four Exchange Server vulnerabilities that the hackers had used.

Vendors frantically rushed to patch systems, but breaches were not stopped.

Impact on server security

Hundreds of servers were affected. Some researchers suggested that the total could be much more dramatic, in the range of a hundred thousand.

The problem is that criminal groups can reverse engineer patches and again beat Microsoft at its own game.

They can easily see what fixes Microsoft has applied, reverse engineer their own exploits, and open the door to an escalation of attacks. Ransomware, for example, could hit anyone who’s still exposed.

Unfortunately, this seems to be just the case.

Groups of hackers have been spotted by analysts, all of them busy taking advantage of the attack’s opportunities. Organizations that are slow in defending their systems will soon find out that there is a specific moment when criminal activities replace espionage ones.

Microsoft action against hackers

In the week since Microsoft first released its patches, the dynamic already appears to be playing out.

Analysts have seen multiple groups, most still unidentified, getting in on the action in recent days, with more hackers likely to come. The longer organizations take to patch, the more potential trouble they’ll find themselves in.


On the other hand, patches are a double-edged sword. Both researchers and malicious hackers can use them to study a vulnerability in the system and figure out how to exploit it to their ends.

Even if the mysterious Hafnium seems to be an espionage group, they have now opened the path for cryptocurrency miners and ransomware thugs to wreak their own havoc by running cryptominers on exposed Exchange servers.

Digital Marketing Head @ Coupontopup.com
