The compromise is being actively used to access organizations' email, create backdoors that allow future network intrusions, launch ransomware, and cause disruption to the organization. Unfortunately, the attacks require minimal skill to execute, and attack software is being actively used across the internet.
We recommend you check with your IT team, or managed service provider, to determine if you host Microsoft Exchange on your network. If so, we encourage you to take the following actions:
- Patch the Microsoft Exchange Server immediately, ensuring the following vulnerabilities are patched: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065.
- Ask your IT team, or managed service provider, to use the Microsoft "hunting tools" to scan the logs of the Microsoft Exchange Server for indicators of compromise. Microsoft has published guidance here, and the scripts and tools can be found here.
Due to the ease of compromise, the existing attack tools, and the known attacks, patching Microsoft Exchange alone is not enough; the second step must also be taken to verify that no compromise has already occurred.
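As an added example (not part of this advisory and not Microsoft's own tooling), the following PowerShell, run from the Exchange Management Shell, inventories each on-premises Exchange server and reports whether its installed build is at or above the patched revision for its Cumulative Update; the build table is a placeholder that must be filled in from Microsoft's security update guidance for the four CVEs above.

```powershell
# Added example, not from the advisory or from Microsoft. Run from the Exchange
# Management Shell on a machine that can reach each server over WinRM.
# Security updates raise only the last (revision) component of the build within
# a Cumulative Update, and the AD value shown by Get-ExchangeServer does not
# change when a security update is installed, so read ExSetup.exe on each host.

# PLACEHOLDER: key = CU build (major.minor.build), value = minimum revision that
# includes the fix. Take the real numbers from Microsoft's security update
# guidance for CVE-2021-26855/26857/26858/27065; the values below are NOT real.
$MinimumPatchedRevision = @{
    '15.0.0000' = 0   # Exchange 2013 CU (placeholder)
    '15.1.0000' = 0   # Exchange 2016 CU (placeholder)
    '15.2.0000' = 0   # Exchange 2019 CU (placeholder)
}

function Get-ExchangeFileBuild {
    # Reads the installed build from ExSetup.exe on the named server.
    # Returns a [version], or $null if the file or the host is unreachable.
    param([string]$ComputerName)
    $raw = Invoke-Command -ComputerName $ComputerName -ErrorAction SilentlyContinue -ScriptBlock {
        $exe = Join-Path $env:ExchangeInstallPath 'bin\ExSetup.exe'
        if (Test-Path $exe) { (Get-Item $exe).VersionInfo.FileVersion }
    }
    if ($raw) { [version]$raw } else { $null }
}

function Test-ExchangePatchState {
    # One row per server: installed build, required revision, and a verdict.
    Get-ExchangeServer | ForEach-Object {
        $build    = Get-ExchangeFileBuild -ComputerName $_.Name
        $cu       = if ($build) { '{0}.{1}.{2}' -f $build.Major, $build.Minor, $build.Build }
        $required = if ($cu) { $MinimumPatchedRevision[$cu] }
        $status   = if (-not $build) { 'UNKNOWN: could not read build, check manually' }
                    elseif ($null -eq $required) { "UNKNOWN: CU build $cu not in table" }
                    elseif ($build.Revision -ge $required) { 'patched' }
                    else { 'UNPATCHED: apply the security update, then hunt for compromise' }
        [pscustomobject]@{ Server = $_.Name; Build = $build; Required = $required; Status = $status }
    }
}

Test-ExchangePatchState | Format-Table -AutoSize
```

A "patched" result only confirms the update is installed; the log review in the second step is still required, because a server patched after the fact may already have been compromised.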
See our SolarWinds Orion E-Focus located here for additional information on creating layers of cyber defense to protect your organization.
If you need assistance, please feel free to reach out to our Cyber Security Services team.
The recent announcement of multiple threats to on-premises Microsoft Exchange 2013-2019 servers highlights the need for constant vigilance over internet-accessible systems and applications. According to media reports, over 30,000 organizations in the U.S. and hundreds of thousands around the globe have been compromised.