The on-premise Microsoft Exchange Server vulnerability has revitalised the ongoing debate; Cloud vs Traditional IT.
Watch Mark's video summarising what has happened and what it means to your business if you have a on-premise Microsoft Exchange Server.
Businesses with an on-premise Microsoft Exchange Server have been affected by the vulnerability, specifically their Outlook email and calendar. Whereas businesses with cloud based Office 365, have not been affected.
This is an example of where cloud has outperformed traditional IT at keeping data secure. Cloud computing has grown in popularity over the past few years, having a range of benefits. The vulnerability may prove to be the catalyst for moving email and other elements of your business to the cloud.
This article analyses on-premise Microsoft Exchange Server vulnerability, how it affects businesses and what to do next:
On-premise Microsoft Exchange Server vulnerability
On March 2, Microsoft announced that businesses running on-premise Microsoft Exchange Server should urgently update their servers. A zero-day vulnerability had been uncovered. This means an ongoing flaw in the network had gone unnoticed by Microsoft’s developers for some time. Cyber criminals have taken advantage of this flaw and continue to if the security update isn't made.
Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to HAFNIUM. https://t.co/tdsYGFICML
Who has been affected by the on-premise Microsoft Exchange Server vulnerability?
Any business that has 2010, 2013, 2016 and 2019 versions of the on-premise Microsoft Exchange Server are affected. Microsoft Exchange is very popular and primarily used by businesses. Unlike many cyber-attacks, this vulnerability will touch a vast array of organisations: businesses of all sizes -big and small, across multiple sectors. From local government, healthcare and banks through to shops, electricity companies and manufacturers.
What programs are affected and what could have been accessed or stolen?
In essence, hackers can steal the contents of your inbox. Information in your inbox, sent items, drafts and folders can potentially be accessed.
As well as accessing your email, hackers can potentially send emails from your email address to contacts or customers. In addition to this, hackers can potentially access and steal information from your network too - this is information stored within your IT infrastructure.
How could cyber criminals gain access?
The hackers have been able to gain access to Microsoft Exchange servers by: 1. Exploiting an unknown vulnerability in the software 2. From there, the cyber-criminal can control the compromised server remotely 3. Data from the organisation’s network can then be stolen
How do I find out of I am affected by the vulnerability?
If you are unsure, contact your IT department of IT support service to find out how your emails are hosted.
What should I do if I have a on premise Microsoft exchange server?
What’s interesting is the 2010 version is out of service, yet Microsoft took the unusual step to release a security update for that version too – indicating the seriousness of the attack and the sheer number of servers that have been affected. So, make sure your server is updated.
What should I do next? What are my options?
The attack highlights one of the downfalls of running your own servers – more responsibility to maintain security. However, it is important to consider what is best for your business. The cost, implications and security should all be evaluated.
Hosting emails on-site has other downfalls too:
If you have an electricity outage on-site, you cannot access your emails.
If your hardware fails on-site, again, you cannot access your emails.
If your office became flooded or there was a fire, you would not be able to access your emails.
If you have any concerns or questions, then please do not hesitate to get in touch with one of our IT and cyber experts.