
Critical Microsoft Exchange Vulnerability Illustrates Importance of Cyber Threat Detection

Last Wednesday, the Cybersecurity and Infrastructure Security Agency (CISA), a federal agency overseen by the Department of Homeland Security (DHS), released an alert about Microsoft Exchange server vulnerabilities. While many organizations no longer use Microsoft Exchange, quite a few still do and may be vulnerable to a cyberattack.

According to CISA, “Successful exploitation of these vulnerabilities allows an unauthenticated attacker to execute arbitrary code on vulnerable Exchange Servers, enabling the attacker to gain persistent system access, as well as access to files and mailboxes on the server and to credentials stored on that system.”

This means an unauthorized person can access your files, documents, email, and even credentials such as the usernames and passwords of employees. And when the attacker gains “persistent access,” they are able to stay undetected inside your systems for long periods of time.

Even if you’re not using Microsoft Exchange and this specific alert doesn’t apply to you, it offers several serious lessons for organizations about software vulnerabilities and vigilance in detecting cyberthreats.

The Serious Risks of Zero-Day Software Vulnerabilities and an Inability to Detect Cyberthreats

  • Organizations lack ways to detect cyberattacks: When attackers discover a zero-day vulnerability (a flaw not yet known to the vendor or defenders, for which no patch yet exists), even current and fully patched systems can be targeted by attackers looking to exploit it and breach an organization. Many organizations rely on antivirus and other security tools that prevent cyberattacks based on existing, known vulnerabilities. Such prevention tools are no match for an attacker exploiting a newly discovered security hole, and malicious actors are often the first to find these flaws.
  • Cybercriminals can enter your systems and do a lot of damage: Damage includes taking control of your servers, accessing confidential data, stealing and/or destroying your data, and infecting your systems with ransomware.
  • Recovering from a serious cyberattack could take weeks or months: When a zero-day attack succeeds, it is not unusual for the organization to need weeks or months of recovery time, significant unbudgeted spending, and many interactions with law enforcement and regulatory authorities. It will also likely need an expensive rebuild of its IT systems, as it is forced to modernize in the wake of the attack.

What You Should Do

  • Frequently upgrade and patch your software: Keep software and applications up to date. Software vendors often release patches quickly after a vulnerability is discovered, but a system stays vulnerable until the patch is actually applied. It is a race against time: attackers try to exploit new vulnerabilities before organizations have a chance to update their software, so the longer it takes you to apply a patch, the more likely you are to be compromised.
  • Create a security strategy that includes the detection of suspicious activity: Antivirus software and other perimeter-based security tools (such as firewalls) focus on identifying known threats and preventing them from entering your systems. These tools are not particularly good at detecting threats once they are already inside; in other words, they cannot see suspicious activity within your network that may lead to a cyberattack. An endpoint detection tool, managed by IT professionals, can spot attacker activity early and contain incidents before they spread throughout your network.
  • Ensure that you have a robust data backup and disaster recovery strategy: If the worst happens, you will at least be able to recover your data. Combining onsite and offsite backups supports quick recovery from a smaller incident (such as a server failure) or a larger one (such as a ransomware attack). Test your data backup solution periodically to confirm that restores actually work.
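The three recommendations above boil down to questions an organization can actually measure: how long each system stayed exposed after a fix was available, whether it is still supported by its vendor, and when a backup restore was last tested. The following script is an added example, not code from VC3 or from the CISA alert; it scores a constructed asset inventory against assumed patch and backup-test policies (the SLA thresholds, host names and dates are all invented for illustration).

```python
"""Added example (not from the article): score an asset inventory for patch
lag, end-of-life software and stale backup tests.  All hosts, dates and
policy thresholds below are constructed for illustration."""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional

PATCH_SLA_DAYS = 7         # assumed policy: apply critical patches within a week
BACKUP_TEST_SLA_DAYS = 90  # assumed policy: test a restore at least quarterly


@dataclass
class Asset:
    host: str
    product: str
    vendor_supported: bool            # False = end of life, no more patches
    patch_released: Optional[date]    # when the vendor published the fix
    patch_applied: Optional[date]     # None = fix not applied yet
    last_backup_test: Optional[date]  # None = restore never verified


def patch_lag_days(asset: Asset, today: date) -> Optional[int]:
    """Days the host was (or still is) exposed after the fix became available.
    Returns None when no vendor fix has been published for this asset."""
    if asset.patch_released is None:
        return None
    end = asset.patch_applied or today   # unpatched hosts are still exposed
    return max(0, (end - asset.patch_released).days)


def assess(assets: List[Asset], today: date) -> Dict[str, List[str]]:
    """Return a mapping host -> list of findings; hosts with no findings are omitted."""
    findings: Dict[str, List[str]] = {}
    for a in assets:
        issues: List[str] = []
        if not a.vendor_supported:
            issues.append("end-of-life: vendor no longer ships patches, plan an upgrade")
        lag = patch_lag_days(a, today)
        if lag is not None:
            if a.patch_applied is None:
                issues.append(f"UNPATCHED for {lag} days")
            elif lag > PATCH_SLA_DAYS:
                issues.append(f"patched late ({lag} days after release, SLA {PATCH_SLA_DAYS})")
        if a.last_backup_test is None:
            issues.append("backup restore never tested")
        else:
            age = (today - a.last_backup_test).days
            if age > BACKUP_TEST_SLA_DAYS:
                issues.append(f"backup restore test stale ({age} days old)")
        if issues:
            findings[a.host] = issues
    return findings


# Constructed inventory: the dates and host names are invented sample data.
TODAY = date(2024, 1, 31)
SAMPLE_ASSETS = [
    Asset("mail-01", "mail server", True, date(2024, 1, 2), None, date(2023, 11, 1)),
    Asset("mail-02", "mail server", True, date(2024, 1, 2), date(2024, 1, 5), date(2024, 1, 20)),
    Asset("legacy-app", "line-of-business app", False, None, None, None),
]

if __name__ == "__main__":
    for host, issues in assess(SAMPLE_ASSETS, TODAY).items():
        print(host)
        for issue in issues:
            print("  -", issue)
```

Running the block reports mail-01 as unpatched for 29 days with a 91-day-old restore test, flags legacy-app as end-of-life with no verified backup, and stays silent about mail-02, which was patched within the SLA and tested recently. In practice the inventory would be pulled from a patch-management or asset-tracking system rather than hard-coded.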

Running old and outdated software magnifies the risk of a cyberattack, because the vendor may no longer offer patches for newly discovered vulnerabilities at all. If you are running aging software that the vendor no longer patches or supports, consider upgrading those applications to prevent cyberattacks like the ones described in this CISA alert.

And while Microsoft Exchange is still supported by Microsoft, it does require managing your own servers onsite, including the responsibility of applying your own patches and updates. An upgrade to Office 365, which is cloud-based and requires no hardware to manage, means that patches are applied automatically and the software is always up to date.

Remember, cyberattackers are actively looking to exploit known vulnerabilities. No organization is too small to target, so your security strategy matters.

Ready for Proactive Cybersecurity?

If your organization is concerned about cybersecurity, outdated software, and your current level of protection, complete the form below. We’ll schedule a short call to learn more about your organization’s cybersecurity needs.