Implications of the Microsoft Exchange Server Cyber Attack

Tu Phan

In the last decade, we've witnessed dozens of companies fall victim to some of the worst cyber attacks in history, and this year the attack on Microsoft Exchange Server has left governments, businesses, and cybersecurity teams scrambling to contain the fallout in front of them.

On March 2nd, Microsoft announced that it had suffered a massive attack on its Exchange Server -- an attack that impacted hundreds of thousands of organizations worldwide and began as early as January. In early January, a group of hackers based in China known as "Hafnium" first gained access to the servers by either exploiting a series of vulnerabilities that had been in the code base for more than 10 years or using stolen passwords to disguise themselves as employees with authorized access to the server.

From there, the hackers used web shells to control these servers remotely and steal data from the networks. In response, the FBI obtained court approval to remove the web shell malware from computers that had been affected by this attack. Without this removal, the hackers would have retained "persistent, unauthorized" access to these networks.

Although this removal has led many organizations to question the FBI's methods since many were unaware that the FBI could access their networks without permission, some have praised the FBI for taking action to disrupt this attack. 

Our Co-founder and CTO, Noah Johnson, explains why this process is not likely to be a major concern. 

According to Noah, it's likely that the FBI only accessed Exchange servers that had been configured to allow untrusted connections, and not those that had additional protections in place.

In other words, imagine that a police officer finds the back door of a local bank wide open after business hours. The police officer then touches the doorknob and closes the door, much as the FBI made an untrusted connection and removed the web shells.

Has the police officer done anything wrong?

If the back door had been protected with a barbed-wire fence and biometric gate, and the police officer went out of his or her way to scale the fence or hack the biometric gate in order to reach the back door, then there would be more cause for concern. 

Read the full article from the Washington Examiner here. 

Dasera

Dasera protects the entire cloud data lifecycle. It discovers new cloud data stores, detects misconfigurations, analyzes permissions, discovers where sensitive data is stored, monitors data in use, highlights data misuse, and enables data governance, security and compliance. With Dasera, SecOps, compliance teams, and data owners can easily collaborate on a single, automated platform.

For more information, request a demo.
