A major eruption hit the business technology world a few weeks ago when it was found that Microsoft Exchange Server had some major vulnerabilities being exploited around the world.
This breach was so large, and compromised so many organizations of all sizes, that governments took notice. The Cybersecurity Agency of Singapore (CSA) issued a warning on its site, and the U.S. Government also discussed this breach in a press conference. There are currently known to be 60,000 organizations (small businesses, governments, corporations, etc.) around the globe that have become hacking victims due to this exploit. What this means is that those organizations had their servers hacked and potentially not only had emails stolen but also could be subject to complete server takeovers due to the vulnerabilities. Here are some of the facts about this hack, why it is particularly dangerous, and why it has gained so much attention.
What is the Hack About?
In January, a Chinese government-backed hacking group found four zero-day vulnerabilities in the code for Microsoft Exchange Server. Hackers began exploiting these vulnerabilities to gain access to data and systems. Once this was discovered and hackers realized that Microsoft was working on patches, the exploits were shared widely throughout the cybercriminal community and everyone began attacking as many businesses as possible before patches could be issued. A large volume of the victims were small and medium-sized businesses. In early March, Microsoft issued patches for the four vulnerabilities and urged those businesses running on-premises servers with Microsoft Exchange Server to apply the patches immediately. Microsoft further warned that “These mitigations are not a remediation if your Exchange servers have already been compromised, nor are they full protection against attack.”
What Vulnerabilities Were Being Exploited?
There were four connected vulnerabilities being exploited in these attacks:
- CVE-2021-26855: This vulnerability allows an attacker to authenticate as the Exchange Server.
- CVE-2021-26857: This vulnerability is in the Unified Messaging service and would allow someone who has obtained administrator permission through another hack to run code on the Exchange server.
- CVE-2021-26858: This vulnerability provides the authentication needed for the previous vulnerability by compromising admin credentials.
- CVE-2021-27065: This vulnerability also compromises admin credentials and allows the hacker to write to a file in any path on the server.
Used together, these exploits basically give an attacker free rein over a server, its data, and its processes.
Which Microsoft Products Were Impacted? Which Weren’t?
The impacted products for which Microsoft issued patches are:
- Microsoft Exchange Server 2010 (Service Pack 3)
- Exchange Server 2013
- Exchange Server 2016
- Exchange Server 2019
So, basically, if you are running a Microsoft Exchange Server on-premises, you were impacted and could potentially have a breach you’re not aware of. Remember, there were several weeks between the time exploitation of the vulnerabilities began (January) and when Microsoft issued patches (March), so even if you applied those patches, the hacker could’ve already created a backdoor to your system. Microsoft 365 and Exchange Online were not impacted. So, any small and mid-sized businesses using these services were completely spared from this major hacking crisis.
Is It Time for Your Small Business to Move to Microsoft 365 and Away from On-Premises Solutions?
This major Microsoft Exchange Server hack is just one of the many costly problems that small businesses can face when running their own on-premises servers for email, data backup, and software processes. The full cost of this breach to SMBs is yet to be realized, but the cost of a data breach on top of the continuous maintenance required for an on-premises server makes it a less attractive option for technology infrastructure as the cybersecurity landscape gets more complicated. This hack illustrates that even state-sponsored hackers aren’t only hacking other governments or large corporations. Their efforts are increasingly being directed to the large volume of SMBs, which typically have less security protecting their on-premises assets.
Benefits of Moving to a Cloud-Based Platform Like Microsoft 365
Why didn’t Microsoft 365 users suffer the same problems? Because their email and other cloud data is protected by the stringent security of Microsoft, something that hackers could not get past. Instead, they attacked tens of thousands of smaller on-premises servers. In 2019, 70% of all data breaches were of on-premises assets; cloud assets accounted for just 24% of the breaches. Advantages of using a cloud platform like Microsoft 365 rather than an onsite server include:
- Better security, because servers are owned and protected by Microsoft
- Business continuity in the event of a natural disaster
- Easier anytime access to all your business processes
- Lower upfront costs
- Lower ongoing costs (no server maintenance, management, etc.)
- Easily scalable to your needs
Get Help Migrating to a More Secure Cloud Environment
Managed IT Asia can help your small business migrate from an on-premises server to a more secure cloud environment, such as Microsoft 365 and others. Contact us today to schedule your free consultation. Call +65 6748 8776 or reach us online.