Earlier this year, a Chinese group known as Hafnium orchestrated a hack which left all businesses running their own Microsoft Exchange email servers vulnerable to a cyber attack. Thousands of small businesses, enterprises and government organizations worldwide have been impacted by the event.
Microsoft has since issued a patch to mitigate the risk of attack. However, patches are not effective at kicking hackers out of servers that have already been compromised, and all businesses running their own servers were vulnerable before the patch was issued.
Why Was The Hafnium Attack So Significant?
Hafnium left web shells that enable other cyber criminals to access networks. In everyday language, it's like leaving the back door to your home unlocked. To begin with, the attack was under the radar and didn't show up in any security checks. It was only noticed when the cybersecurity firm Volexity spotted strange internet traffic requests to its customers who were running their own Microsoft Exchange email servers. These customers were some of the first victims of the Hafnium attack.
It also took a while for cyber criminals to become aware of the vulnerability. At first, cyber attacks were few and far between, and damage was relatively limited because Microsoft and Volexity were able to repair the comparatively small number of compromised servers. Towards the end of February, before Microsoft issued the remediation patch, the number of attacks rose sharply. It is still not known how cyber criminals across the globe were informed about the vulnerability.
Events like the Hafnium attack, and the SolarWinds cyber attack in December 2020, could be espionage activities ordered by foreign governments. Whatever the original hackers' goals, small businesses and enterprises have suffered, and will continue to suffer, the consequences of large-scale cyber attacks.
Bolstering your Cybersecurity
If your business hosts a Microsoft Exchange server, it is advisable to seek advice from a cybersecurity professional to check that your system has not been compromised and has been patched successfully.
The first step to building a more robust IT network is to move to a cloud-based system such as Microsoft 365, which stores all emails and documents in the cloud. This makes it much more difficult for cyber criminals to access your data.
After moving to cloud-based computing it is essential that cyber hygiene is maintained, and your system is evaluated on a regular basis so that new threats can be identified and removed.
Contact the MAP CyberSecure team at (818) 789 1179 to discuss how cloud-based computing could fit into a cybersecurity strategy for your business.