Microsoft Exchange Server Vulnerability Puts 60,000 Businesses at Risk
Terror is when you come home and notice everything you own has been taken away and replaced by an exact substitute. – Stephen King
Sixty thousand is the population of a small city. Imagine every person waking up one morning to find their front door unlocked, windows open, and possessions slightly ajar.
The picture frame with a photo of your children isn’t on the mantel anymore; instead, it’s on the kitchen table. Your laptop is still there, but not quite where you left it the night before.
Everything seems to be accounted for except for your keys. The intruder took those so they can revisit you and your home at will.
In fact, sixty thousand enterprises are currently facing this scenario and the associated business risk, according to Bloomberg. On January 6th, exploitation of a vulnerability in Microsoft Exchange Servers was reported. It was not until March 2 that a patch was developed and distributed to these companies to protect their data, reputation, and assets.
While the culprits are still being positively identified, current evidence suggests Hafnium, a state-sponsored hacking group out of China, is responsible. According to Dubex, in their blog post Please Leave an Exploit After the Beep, Hafnium used a “web shell” backdoor installed via the “Unified Messaging” module, a component of Exchange that allows an organization to store voicemail and faxes along with emails, calendars, and contacts in users’ mailboxes.
So long as these “web shells” are left intact, the culprits can re-enter Exchange servers at will. The reason for these hacks is not yet clear, and we are slowly learning more about the victims. The current list of victims includes banks, senior care facilities, and electricity providers.
The possible damage from a compromised electricity provider is top of mind for many in the US. Only a few weeks ago, Texas, the largest single power grid in the United States, suffered a total power failure, leaving millions of people freezing in subzero temperatures. Lives were lost, homes were destroyed, and countless possessions were damaged.
That disaster was caused by a powerful storm and cold front, a natural event; a human-made disaster can be as devastating or worse.
There is a wealth of information in a company’s email. A clever hacker or cybercriminal can and will find ways of using the information inside emails to damage a company, possibly even to damage the organization’s infrastructure. It would not be the first time a US power company came under threat of assault; see Russia’s threat against US power plants in 2018. It is not much of an intuitive leap to suspect a state-sponsored hacker would turn over potentially crippling information to their sponsor.
On March 2, Microsoft patched four flaws in Exchange Server 2013 through 2019 (including the no longer supported Exchange Server 2010), which should prevent further exploitation, but merely changing the locks isn’t enough. A watchful eye and recovery of the stolen information are needed to make a company whole again. This is where CybelAngel can help.
With our AI-powered technology, CybelAngel scours the entirety of the internet, including the deep and dark web, in a constant search for your company’s data. Once a leak is detected, it is analyzed, and an alert with contextualized data is delivered to you via an intuitive dashboard. Our trained analysts provide a detailed analysis and the option of an on-request takedown to remove your sensitive information from the web.
With “thousands of servers compromised per hour, globally,” take a moment to see if you’re at risk with our free assessment. As always, remember: “Leaks are inevitable. Damage is optional.”