Jan 09, 2022

Microsoft Exchange Server Hacks: Everything You Need to Know

The 2021 Microsoft Exchange Data Breach could go down as the most significant cybersecurity moment of the 21st century. Since January, more than 250,000 organizations around the world have been affected by a wave of cyber criminality that will likely cost trillions and take years to fully resolve. This event has exposed millions of users across digital networks to an ever-expanding range of threats that have once again placed the topic of cyber security at the top of agendas around the world.

While there is still much left to be uncovered about this global event and the myriad ramifications it will have on the public and private sector, it is already evident that this is the moment to reconsider how your organization is handling cyber security and managing information technology.

In this article, we will cover everything your organization needs to know about the vulnerabilities exposed by the Microsoft Exchange Data Breach, how those threats can be mitigated, and what can be done to strengthen your cyber security.

The 2021 Microsoft Exchange Data Breach: What Happened and Why It Matters For Your Organization 

On January 3rd of 2021, employees at the network security monitoring service Volexity began to detect strange and potentially malicious behavior unfolding across two of its customers' Microsoft Exchange servers. As cyber security professionals took a closer look at what was happening, they found tremendous volumes of data being sent to IP addresses with no legitimate connection to users on the network. Once it was certain that malicious activity was taking place, an analysis of IIS logs from the Microsoft Exchange servers revealed an unprecedented zero-day exploit being executed in the wild. Subsequent analysis by cyber security professionals in the public and private sector would eventually confirm that four zero-day exploits had been used against on-premises Microsoft Exchange servers, providing attackers with user emails, passwords, and administrative access. Cybersecurity expert Brian Krebs suggested that the vulnerabilities targeted in the Microsoft Exchange server code base had been present for more than 10 years. It wasn't until March 2nd of 2021 that Microsoft acknowledged the breach and began to release updates for Microsoft Exchange 2010, 2013, 2016, and 2019 to patch the exploits. By March 9th of 2021, it was reported that the data breach that began in January had already affected 250,000 servers located around the world.

To further complicate matters, a wide range of state and non-state actors, including the hacking syndicate known as HAFNIUM along with the Winnti Group, Calypso, Tick, and LuckyMouse (APT27), have taken advantage of this data breach to unleash a sophisticated array of exploits that further compromise network and geopolitical security. Analysis conducted by Check Point Research found that 17% of the attacks targeted organizations in the United States, 6% targeted Germany, 5% each were seen in the United Kingdom and the Netherlands, and 4% targeted assets in Russia.
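The detection described above, unusually large volumes of data leaving the server toward unexpected IP addresses, spotted by reviewing IIS logs, can be reproduced in a simple form. The following Python script is an added example, not code from this article or from Volexity: it parses IIS W3C log lines using the log's own `#Fields:` header, sums response bytes (`sc-bytes`) per client IP, and flags any client whose total is far above the median and above an absolute floor. The log excerpt, IP addresses, user names, and thresholds are all constructed for illustration.

```python
"""Added example (not from the article or from Volexity): flag clients that
receive an unusually large volume of response data from an Exchange server,
based on the IIS W3C log. All sample data below is constructed."""
from collections import defaultdict
from statistics import median

# Constructed IIS W3C log excerpt. Field order comes from the "#Fields:"
# header, as in real IIS logs; spaces inside the User-Agent are encoded as
# "+" as IIS does. 203.0.113.0/24 is a documentation range standing in for
# an external address; everything here is made up for the example.
SAMPLE_IIS_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Version: 1.0
#Date: 2021-01-03 00:00:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-bytes time-taken
2021-01-03 00:01:12 10.0.0.5 GET /owa/ - 443 alice 10.0.1.20 Mozilla/5.0+(Windows+NT+10.0) 200 48213 120
2021-01-03 00:01:15 10.0.0.5 POST /owa/ev.owa - 443 alice 10.0.1.20 Mozilla/5.0+(Windows+NT+10.0) 200 1024 80
2021-01-03 00:02:01 10.0.0.5 GET /owa/ - 443 bob 10.0.1.21 Mozilla/5.0+(Windows+NT+10.0) 200 51002 110
2021-01-03 00:02:09 10.0.0.5 GET /ecp/ - 443 bob 10.0.1.21 Mozilla/5.0+(Windows+NT+10.0) 200 - 60
2021-01-03 00:03:44 10.0.0.5 POST /owa/ - 443 - 203.0.113.77 python-requests/2.25.1 200 92100000 9000
2021-01-03 00:04:02 10.0.0.5 POST /owa/ - 443 - 203.0.113.77 python-requests/2.25.1 200 88500000 8700
2021-01-03 00:05:00 10.0.0.5 GET /owa/ - 443 carol 10.0.1.22 Mozilla/5.0+(Windows+NT+10.0) 200 47000 100
"""


def parse_iis_log(text):
    """Yield one dict per data row, keyed by the names in the #Fields header.

    Column positions are taken from the header rather than hard-coded,
    because administrators enable different field sets on different servers.
    """
    fields = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue  # other directives (#Software, #Date, ...) carry no rows
        if fields is None:
            raise ValueError("log data appeared before a #Fields header")
        values = line.split()
        if len(values) != len(fields):
            continue  # malformed or truncated row: skip rather than misalign columns
        yield dict(zip(fields, values))


def bytes_sent_per_client(rows):
    """Sum server-to-client bytes (sc-bytes) per client IP (c-ip)."""
    totals = defaultdict(int)
    for row in rows:
        try:
            totals[row["c-ip"]] += int(row["sc-bytes"])
        except (KeyError, ValueError):
            continue  # IIS writes "-" when a value was not logged; ignore it
    return dict(totals)


def flag_high_egress(totals, factor=10.0, floor_bytes=10_000_000):
    """Return client IPs whose total exceeds both factor*median and floor_bytes.

    The median is robust to the outlier being looked for; the absolute floor
    keeps tiny logs (where the median is a few kilobytes) from firing on noise.
    Both parameters are assumptions to be tuned against a real baseline.
    """
    if not totals:
        return []
    threshold = max(factor * median(totals.values()), floor_bytes)
    return sorted(ip for ip, sent in totals.items() if sent > threshold)


def find_high_egress_clients(log_text, factor=10.0, floor_bytes=10_000_000):
    """Parse, aggregate and flag in one call."""
    rows = parse_iis_log(log_text)
    return flag_high_egress(bytes_sent_per_client(rows), factor, floor_bytes)


if __name__ == "__main__":
    totals = bytes_sent_per_client(parse_iis_log(SAMPLE_IIS_LOG))
    for ip, sent in sorted(totals.items(), key=lambda kv: -kv[1]):
        print(f"{ip:>16} {sent:>12} bytes")
    print("flagged:", find_high_egress_clients(SAMPLE_IIS_LOG))
```

On the constructed log the only flagged client is the external address, which received roughly 180 MB across two requests while each internal user received around 50 KB. In a real investigation the per-IP totals would be computed over a longer window and compared against several days of baseline traffic, and a flagged address would be correlated with the authenticated user, the request paths and the time of day before any conclusion is drawn.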
Alarmingly, 23% of these attacks were directed against military and government assets, 15% against clients in the manufacturing sector, 14% against financial organizations, 7% against clients in the software industry, and 6% against organizations in the global healthcare sector. Though it is likely that many affected organizations in the public and private sector have yet to confirm that they were targeted by this event, the European Banking Authority, the Norwegian Parliament, and the Chilean Commission for Financial Markets (CMF) are some of the major international organizations affected. As of March 12th of 2021, as many as 125,000 of the affected servers remained unpatched, and at this time the full scope, complexity and impact of this vulnerability, and the losses it will create, remain unknown.

Since the start of this cyber security event, attacks have escalated exponentially and continue to affect organizations that have not immediately begun to initiate threat mitigation practices. DearCry, REvil, and Black Kingdom are some examples of malicious ransomware that have been inflicted on organizations recently, and there is every reason to believe these events are not isolated but part of a larger pattern of global cyber crime. It is important to note that while in 2020 the average ransomware sum paid amounted to $111,605, the REvil attack on the Taiwanese computer company Acer has been described as the largest ransom of all time, coming in at $50,000,000. Cyber criminals and the nation states that support them are becoming emboldened, and the 2021 Microsoft Exchange Data Breach has dramatically underscored the need for organizations around the world to take a closer look at how they are protecting their assets against the changing landscape of cybersecurity vulnerabilities and threats.
This is the perfect moment for your organization to respond to the current environment and make strategic investments to ensure you don't end up in the front page headlines for all the wrong reasons. The landscape of cyber threats is evolving; is your organization ready to respond?

What Organizations Are at Risk from the 2021 Microsoft Exchange Data Breach? 

Any organization that has operated on-premises Microsoft Exchange servers needs to take immediate steps and follow Microsoft's instructions for patching the following vulnerabilities:

- CVE-2021-26855
- CVE-2021-26857
- CVE-2021-26858
- CVE-2021-27065

Any organization that has operated only cloud-based Microsoft products such as Office 365 is not likely to have been directly impacted by the Microsoft Exchange Data Breach, but should be aware that any external partners, vendors, clients, or customers that were affected could have exposed sensitive internal and external data to malicious actors. At this time, the full global scope, complexity, and impact of the 2021 Microsoft Exchange Data Breach is not fully understood by the public or private sector.

On March 3rd of 2021, the United States Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive urging all United States government networks to immediately begin patching the known vulnerabilities in Microsoft Exchange. Since then, United States National Security Advisor Jake Sullivan, United States President Joseph Biden, Norway's National Security Authority and the Czech Republic's Office for Cyber and Information Security are some of the government officials and bodies around the world that have commented publicly about this issue.

It’s Time for the Next-Generation of Cyber Security to Identify Vulnerabilities and Mitigate Threats Before They Cost Your Organization…

The 2021 Microsoft Exchange Data Breach is a kinetic event that has created a new sense of urgency and need across the public and private sector. Whether or not your organization has already been directly affected matters little given the ever-evolving landscape of international cyber crime. It is no longer a question of if your organization will be made vulnerable by a cyber attack, but simply a matter of when… Gradient's next-generation cyber security platform delivers the critical visibility your organization needs to monitor network vulnerabilities and mitigate threats before they cost your organization catastrophic losses. Manage your organization's cyber security capabilities from a single easy-to-use and cost-effective platform.