Your Best Solutions to Limit Microsoft Exchange Vulnerabilities
It’s been a few months since hundreds of thousands of organizations across the U.S. (and the world) learned they had been compromised by Hafnium, a China-based espionage group that stole email through flaws in on-premises Microsoft Exchange Server. The four “zero-day” vulnerabilities are known together as ProxyLogon and affect Exchange Server 2013 through 2019; Exchange Online was not affected.
The attackers left behind a web shell. A web shell is a small piece of malicious code planted on the server that gives remote administrative access: the attacker can run commands, steal data, or use the server as a launchpad for further intrusion.
Microsoft released security updates immediately, but every day of delay in applying them widened the window for attackers, and patching does not remove a web shell that was planted before the update, so any server that was exposed while unpatched needs to be checked for compromise. At one point in early March, it was estimated that thousands of servers were being compromised globally every hour.
The Microsoft Exchange hack was one of the latest in a series of recent cyberattacks, including the May 2021 ransomware attacks on Colonial Pipeline and JBS. This active exploitation continues to show how exposed organizations and the public remain to threat actors who keep finding new ways to break in.
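As an added example that is not part of this article or of CrowdStrike's tooling, the following Python script shows the kind of triage check a team should run after patching: it walks a web root for files IIS will execute as code and flags any that were modified after a chosen cutoff and contain request-to-process constructs. The directory layout, file names, cutoff and heuristics are assumptions for the demo, and the sample tree it builds is constructed, not taken from a real server.

```python
"""Triage scan for web shells dropped into the directories an Exchange
server serves through IIS. Illustrative code written for this page, not
CrowdStrike or Microsoft tooling; paths and heuristics are assumptions."""
import os
import re
import tempfile
import time
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from pathlib import Path

# IIS only executes server-side code from files with these extensions,
# so a web shell has to use one of them.
EXECUTABLE_SUFFIXES = {".aspx", ".ashx", ".asmx", ".asax", ".asp"}

# Constructs that together describe a web shell: input taken from the HTTP
# request and handed to the operating system or a code evaluator.
# Constructed heuristics; tune them for your environment.
SUSPICIOUS_PATTERNS = {
    "process execution": re.compile(
        r"System\.Diagnostics\.Process|ProcessStartInfo|Process\.Start", re.I),
    "dynamic eval": re.compile(r"\beval\s*\(|JScript\.Eval|Assembly\.Load", re.I),
    "request-driven input": re.compile(
        r"\bRequest\s*(\[|\.Item\[|\.Form\[|\.QueryString\[)", re.I),
}


@dataclass
class Finding:
    path: str                                 # relative to the scanned root
    recent: bool                              # modified after the cutoff
    hits: list = field(default_factory=list)  # which heuristics matched


def scan_for_webshells(root, since, min_hits=2):
    """Return findings for executable files under `root`.

    A file modified after `since` (e.g. the day the flaw went public) is
    flagged on a single suspicious construct; an older file needs at least
    `min_hits`, because legitimate pages rarely combine them. Timestamps are
    weak evidence alone: attackers can timestomp and a patch run also touches
    files, so the content check is what keeps this from being noise.
    """
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in EXECUTABLE_SUFFIXES:
            continue
        modified = datetime.fromtimestamp(path.stat().st_mtime, tz=timezone.utc)
        recent = modified >= since
        text = path.read_text(errors="replace")
        hits = [name for name, rx in SUSPICIOUS_PATTERNS.items() if rx.search(text)]
        if hits and (recent or len(hits) >= min_hits):
            findings.append(Finding(path.relative_to(root).as_posix(), recent, hits))
    return findings


def build_sample_tree(root):
    """Create a constructed mini layout resembling an Exchange web root:
    a benign page from before the cutoff, a benign page touched by a recent
    update, and a planted .aspx that mentions the request-to-process pattern
    (a marker for the demo, not a working shell)."""
    root = Path(root)
    old = time.time() - 90 * 86400  # 90 days ago
    benign_old = root / "owa" / "auth" / "logon.aspx"
    benign_new = root / "ecp" / "default.aspx"
    planted = root / "aspnet_client" / "system_web" / "x.aspx"
    for p in (benign_old, benign_new, planted):
        p.parent.mkdir(parents=True, exist_ok=True)
    benign_old.write_text('<%@ Page Language="C#" %>\n<form runat="server">Logon</form>\n')
    os.utime(benign_old, (old, old))
    benign_new.write_text('<%@ Page Language="C#" %>\n<!-- refreshed by an update -->\n')
    planted.write_text('<%@ Page Language="C#" %>\n'
                       '<!-- constructed marker: Request["cmd"] fed to '
                       'System.Diagnostics.Process -->\n')
    return root


def demo():
    """Run the scan over the constructed tree; returns the flagged files."""
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_tree(tmp)
        since = datetime.now(timezone.utc) - timedelta(days=7)
        return [(f.path, f.recent, f.hits) for f in scan_for_webshells(root, since)]


if __name__ == "__main__":
    for path, recent, hits in demo():
        print(f"{path}  recent={recent}  matched={', '.join(hits)}")
```

Only the planted file is reported; the page refreshed by an update is recent but carries none of the constructs, so it stays quiet. Any hit is a lead to review by hand, not a verdict: compare the file against a known-good install and look for the same timeframe in IIS logs before concluding the server is clean.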
“You can be doing all the right things, like patching your systems, and following the right processes, only to find new vulnerabilities that you weren’t aware of,” observes NetDiligence’s Chief Technology Officer Vinny Sakore. “But is there really anything we can do to keep our systems safe from attack, or will we always be applying patches afterward?”
Fortunately, there are several good steps that can be taken to help limit Microsoft Exchange exposure. Lee Trotter and Yinan Yang of CrowdStrike explain.
SaaS, AI, MFA, and More
When it comes to cybersecurity, no single combination of people, processes, and technology is enough on its own. The goal is layered mitigation: catch risks, address them, and prevent them from recurring. A cloud-delivered (SaaS) endpoint platform is a critical place to start.
“SaaS can be deployed as sensors to endpoints such as workstations, laptops, servers, and virtual environments,” says Program Manager, Legal & Insurance Lee Trotter. “At CrowdStrike, we collect data from trillions of events weekly all around the world. Then we apply that data to our Threat Graph in Amazon Web Services. We analyze it and then apply that data to the sensors so they can recognize attack methods or what’s malicious use or normal use. Then we can train machine learning algorithms to recognize how abnormal a particular program is.”
Trotter adds that CrowdStrike is unique in that it can collect data once and repurpose it for a variety of different use cases. Then, people and processes can assist the technology by bringing insights to the data to understand if a situation is really abnormal or not.
This machine learning, or AI (artificial intelligence), plays a critical role in gathering and enriching data, which is important when it comes to cyber insurance underwriting, Trotter says. “Underwriting is now going beyond Yes/No questions to Who/What/When/Where/Why questions, which this data provides,” he says.
AI also frees up individuals to go out and effectively threat hunt, perform other IT operations, and apply their knowledge and experience when and where it’s most necessary.
But probably the most critical thing you can do for ongoing cybersecurity, according to CrowdStrike’s Incident Response Manager Yinan Yang, is to use multi-factor authentication (MFA). “In incident response, I can’t tell you how often most of the risk would have been mitigated if MFA was in place,” he says. “All these other things are important to have, but it’s wise to look at your identity and how you’re doing authentication.”
Other Security Checks
In closing, Trotter and Yang noted that it’s important to review your email gateway security and your endpoint security platform. Make sure you’re following a backup schedule and keeping backups segregated from the production network, so that ransomware reaching your servers cannot also reach your backups. And consider IT hygiene: patch levels, exposed services, and stale accounts. Looking at all of these factors gives you the complete picture you need before you can start to assess where problems could arise.
Watch the video for Sakore’s, Yang’s, and Trotter’s full discussion on Microsoft Exchange vulnerabilities and the latest solutions.
We thank CrowdStrike’s Yinan Yang and Lee Trotter for sharing their insights on Microsoft Exchange vulnerabilities, machine learning, and MFA. CrowdStrike provides cloud workload and endpoint security, threat intelligence, and cyberattack response services. They offer a single-agent solution to stop breaches, data theft, and cyberattacks.