Is your Exchange Email Server Protected?
There has been a lot in the news lately about Microsoft Exchange Servers 2013, 2016 and 2019 having vulnerabilities. If your email is hosted by a third party such as Microsoft 365 then this does not affect you.
Microsoft have issued security updates to fix the issue and you are advised to install these as soon as possible, of course if Computer Troubleshooters is looking after your computer network then it will already be installed as part of your Managed Service Plan.
Several important organizations around the world have suffered from this attack including The European Banking Authority. It is thought that whilst a China based group made the first hacks in February various countries have then made use of the exploit including a number of Russian groups.
Even more concerning is our partners Eset have warned that more than 500 email servers in the UK may have already been hacked. The hackers could have left a backdoor to allow them access to computer networks.
The true scale of this problem is still emerging with thousands of systems vulnerable in the UK alone but what is not yet entirely clear yet is the overall impact.
While many systems are still at risk and thousands had malicious software installed, the number of cases where we know this was actually used to steal emails or lock people out with ransomware is still fairly low, that may change in the coming days as more reports come in.
What is clear is that multiple hacking groups have piled in to exploit the vulnerability and those working on the defensive side are likely to stay busy for some time to come. It is not yet known who or what else will make use of the exploit that is already installed but the guess is that we will see a surge in Ransomware attacks.
Call Your local Computer Troubleshooter for expert advice and to make sure your computer network is secure.
See also
https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/
https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server/
https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/