Microsoft Exchange Attack
Am I affected? What can I do?
Hackers are actively exploiting recently discovered zero-day vulnerabilities in Microsoft Exchange Server. According to Microsoft, tens of thousands of email servers are at risk of destructive attacks.
Update March 24
Microsoft released a one-click mitigation tool called the Exchange On-Premises Mitigation Tool. It applies all the necessary countermeasures to secure vulnerable environments against the cyber attacks.
Microsoft Exchange Server is an email inbox, calendar, and collaboration solution. Its users range from enterprise giants to small and medium-sized businesses all over the world.
Microsoft has detected a new kind of file-encrypting malware called DoejoCrypt (or DearCry), which uses four vulnerabilities that the tech giant linked to a new China-based hacking group called Hafnium. The attacks may have started as early as January 6 (as claimed by Volexity).
According to Microsoft, Hafnium was the primary group exploiting these flaws, likely for espionage and intelligence gathering. However, other security firms claim to have seen more hacking groups exploit the same flaws.
Between March 11 and March 15, attack attempts increased tenfold. At least 30,000 organizations have been attacked. Palo Alto Networks suggests there are still at least 125,000 unpatched servers worldwide.
What are the vulnerabilities?
These critical vulnerabilities impact on-premises Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019. Exchange Online is not affected.
When chained together, the vulnerabilities can lead to server hijacking, data theft, backdoors, remote code execution (RCE), and possibly further malware deployment.
What do I do now?
Microsoft has urged IT administrators and customers to apply security fixes immediately. Do you want to check if your Exchange Server is vulnerable?
Fill in the form below and we will contact you for a checkup.