A NATION-STATE ATTACK AGAINST ON-PREMISE MS EXCHANGE COMPROMISED AT LEAST 30,000 BUSINESSES
On Wednesday, March 3rd, 2021SWICKtech had all hands-on deck to update a critical patch. Attacks from Hafnium, a state-sponsored Chinese hacking group was originally detected in January of 2021. However, it was not publicly announced until just recently. Mostly small and medium-sized businesses in industries, including DOD contractors, were targeted.
SWICKtech’s Client Engagement Team works with many business leaders, and a significant amount believe they are too small to be targeted by a cyber-attack. Cybercriminals may not be targeting specific SMB’s, however, they are actively scouting for vulnerabilities like the Microsoft Exchange on-premise exploit.
When SWICKtech learned of this exploit, our Engineering and Client Engagement Team made it top priority to put together a swift plan of action to handle client outreach to inform clients of this imminent threat.
From there, the Engineering team deployed critical patches where necessary and confirmed the exploit did not compromise the potentially impacted systems and servers.
“Thanks to your team this morning for jumping on the critical patch to our Microsoft server. It sounds like a particularly dangerous issue!”
Fortunately, there was no collateral damage. If SWICKtech’s response would have been delayed, the damage could have significantly impacted business operations.
It is important to note, SWICKtech has helped several dozen businesses migrate their on-premise Microsoft Exchange to Microsoft Exchange Online (O365/M365) over the last few years. Microsoft Exchange Online is not impacted by this issue.
Now that these vulnerabilities have been made public, there has been a notable increase of searches for unpatched Exchange servers exposed to the internet.
If your business is running Exchange on-premise for email and you have concerns about this known vulnerability, SWICKtech can help secure your IT.