March 08, 2021
Microsoft Detects Zero-Day Exploits on Exchange Servers
Microsoft notified the IT community of multiple attacks on the on-premises version of Exchange Servers. It’s been identified that threat actors are using these zero-day exploits to access email accounts and distribute malware. The Microsoft Threat Intelligence Center is confident these attacks are coming from HAFNIUM, a state-sponsored group operating out of China.
Shortly after the attack, Microsoft released detection and mitigation tools to businesses to determine if they’ve been impacted by the exploitation. Resources provided by Microsoft include an updated script to search for indicators of compromise of the initial attack. Microsoft also released other mitigation recommendations for users not able to immediately apply updates.
MSPs Must Remain Vigilant
In the wake of the news of the zero-day exploits Microsoft Exchange Server users are facing, a new form of Ryuk ransomware has also been identified. The ransomware strain has evolved to exhibit worm-like capabilities including the ability to replicate itself over the local network.
According to our research, 84% of managed service providers (MSPs) are ‘very concerned’ about ransomware, with only 30% report that their clients feeling the same. With techniques constantly evolving and bad actors finding ways to circumvent preventative measures, it’s crucial MSPs have a prevention, detection, and response plan in place for their clientele.
How MSPs Can Protect Clients
This is not the first time zero-day exploits have been identified and it will not be the last. In January, SonicWall, a cybersecurity vendor, was breached with zero-day exploits.
- Automate software patching. The update for this vulnerability has been available for several months, but not all Servers were patched, leaving them vulnerable to HAFNIUM’s attacks. With automated patching, MSPs ensure their clients’ software is up to date and protected from known vulnerabilities.
- Ensure two-factor authentication is enabled across the board. This multi-layered security approach is a vital step for MSPs looking for an easy way to better restrict access to their network, applications, and systems.
- Review monitoring policies. Identify gaps in your monitoring policies and ensure you’re notified of any and all risks like ransomware and unpatched software.
- Deploy a robust business continuity solution. Get clients back up and running quickly in the event of an attack with a BCDR tool that serves every one of your clients’ needs.