On March 2nd, 2021 Microsoft reported that four zero-day vulnerabilities are being actively exploited by the state-sponsored hacker group known as HAFNIUM. The vulnerabilities are being used to attack on-premise Microsoft Exchange servers. They were detected earlier this year and the attack campaign is still ongoing.
Exploiting these vulnerabilities has allowed HAFNIUM to steal email communications, infect systems with malware and gain long-term access to victims’ environments.
The vulnerabilities exist in Microsoft Exchange 2013, 2016, and 2019. So far it does not appear that they impact Office 365 or Exchange Online. Microsoft is urging users of the affected versions of Exchange Server to immediately apply patches to address these four critical vulnerabilities. Additional guidance on protecting Microsoft Exchange environments from known vulnerabilities is also available from Microsoft.
Zero-day exploits like this underscore the importance of establishing a strong and comprehensive defense against cyber-attack. Through our experience as a leading National Managed Service Provider (MSP) and Managed Security Services Provider (MSSP), TPx has established several best-practice solutions that help our customers identify, prevent, and recover from more attacks more quickly, and that can keep ANY organization safe. These include:
Patch management: Fast identification and application of security patches (like the ones described above) can limit your window of exposure.
Next-generation antivirus: Next-generation antivirus software applies more advanced detection techniques than traditional AV to guard against more types of malware and exploits.
Managed Detection and Response: MDR combines proactive threat identification software with skilled resources that monitor and alert on security events, perform advanced threat hunting, and quickly respond to and remediate them. MDR can significantly improve your ability to identify and prevent attacks before they cause damage.
DNS Protection: The Internet can be a scary place. With DNS protection in place, organizations can prevent users from inadvertently accessing malicious sites or downloading malware. This is especially important in a remote work environment.
Security Awareness Training: We can’t forget about people. The number one vulnerability all businesses face is their employees. Establishing a regular security awareness training program that includes phishing simulations can prevent common user mistakes that are the root cause of many attacks.
Employing these best practices can help you minimize the threat that cyber-attacks pose to your organization. It’s important to note, however, that no matter what preventative measures you put in place, you cannot eliminate the threat entirely. You likely WILL be attacked at some point and that is why it is critical to have a proven Backup and Disaster Recovery (BDR) solution in place. The right BDR solution will allow you to minimize downtime and quickly recover your data in the event of an attack.
Leveraging the resources and expertise of an experienced MSP/MSSP like TPx allows small businesses to achieve the benefits of these advanced solutions without the burden and expense of building and managing them internally. For more information, visit TPx.com.