VIPRE Releases Security Advisory on Microsoft Exchange Server Attacks


VIPRE Security

VIPRE Security has released a security update related to last week’s attack affecting Microsoft Exchange Server 2013, 2016, and 2019. The Microsoft Security Response Center issued a detailed update on March 5th with information and guidance for customers who may be affected.

KrebsOnSecurity was first to report the hack. “This is the real deal,” Chris Krebs, the former head of the Cybersecurity and Infrastructure Security Agency, said on Twitter, referring to the attacks on on-premises Exchange, which is also known as Outlook Web Access. “If your organization runs an OWA server exposed to the internet, assume compromise between 02/26-03/03.”

As details began to emerge, a Microsoft blog post pointed to a newly identified threat actor it is calling Hafnium. According to Microsoft, Hafnium is based in China but conducts its operations primarily from leased virtual private servers (VPS) in the United States.

Even administrators who have diligently patched their systems may still be at risk. Fortunately, IT pros can look to the Cybersecurity & Infrastructure Security Agency (CISA), which last week released Alert (AA21-062A), "Mitigate Microsoft Exchange Server Vulnerabilities," and advised:

“This Alert includes both tactics, techniques and procedures (TTPs) and the indicators of compromise (IOCs) associated with this malicious activity. To secure against this threat, CISA recommends organizations examine their systems for the TTPs and use the IOCs to detect any malicious activity. If an organization discovers exploitation activity, they should assume network identity compromise and follow incident response procedures. If an organization finds no activity, they should apply available patches immediately and implement the mitigations in this Alert.”

VIPRE recommends always keeping patches on Windows machines up to date, including VIPRE Email Security for Exchange. VIPRE Endpoint Security offers third-party patch management to cover the critical vulnerabilities in common applications and web browsers. VIPRE breaks down patch management in the following short video.

VIPRE Security recommends that all organizations utilize a layered security approach when implementing defensive measures. A top-rated endpoint security solution coupled with advanced email security and threat intelligence solutions will ensure that you are protected from malicious threats via multiple attack vectors.

Explore VIPRE’s cybersecurity solutions with a 30-day free trial.

The post VIPRE Releases Security Advisory on Microsoft Exchange Server Attacks appeared first on VIPRE.