The world learned about the Hafnium attacks on Microsoft Exchange servers in March, and it was bad. In April, more vulnerabilities were discovered, as well as additional ways cyber criminals are exploiting them. IT teams who are still managing on-premises Exchange servers must feel like they’re living in a zombie movie:
The problems just keep coming – zombies as far as the eye can see. Just when you think you’ve got the house fortified, they start emerging from the basement. And then you discover one in your closet! Unfortunately, companies only found out that their Exchange servers had been exploited after the attackers were already inside.
Now, new information has come to light that cyber criminals are using Exchange server vulnerabilities for their botnets so they can secretly steal processing power and mine cryptocurrency. Just when you thought you’d figured out how to deal with regular zombies, along comes one that wants to hijack your brain! If you’d only applied those patches sooner.
At this point in any zombie movie, you’re screaming at the remaining human actors to “Get out of the house!” Thankfully, BitTitan has a fully gassed-up car waiting right by the door, and the key is in the ignition. Your MigrationWiz sedan is ready to whisk you away to the cloud, where zombies are not coming in through the windows.
Keep patching, or change the story
Companies using Microsoft Exchange online have continued to go about their business, unbothered by the scary news that keeps coming in. That’s because their cloud servers are protected and patched on a regular schedule, and watched over by teams of cybersecurity experts. Each time a new Exchange vulnerability is discovered, it has come with reassuring news for those already in the cloud: It doesn’t apply to Exchange online.
If you’re still managing an on-premises Exchange server, it’s vital that you’re keeping up with Microsoft’s CUs and SUs – Cumulative Updates and Security Updates. CUs are generally released quarterly with resolutions to feature problems. SUs are released when security issues are found and fixed. Unfortunately, Microsoft has found that many companies hadn’t been keeping up with updates, and therefore were not on supported CU versions. This meant they were unable to install security patches as soon as they were available – extending the time their servers remained vulnerable.
Vigilance is vital
The March and April attacks make it clear that companies wanting to keep their Exchange servers on-premises need to maintain constant vigilance, not only with continuous updates and security patching, but also monitoring for nefarious intruders.
Paul Kirvan, writing for TechTarget in April 2021 recently published helpful instructions for battening down the hatches, including a 12-point plan with eight sub-points:
- Keep servers up to date
- Launch specialized utilities
- Deploy firewalls
- Use Exchange server security programs
- Secure the perimeter
- Monitor servers
- Use allowlists and blocklists
- Use certificates
- Limit administrative access
- Use role-based access control and strong passwords
- Harden the OS
- Audit mailbox activity logs
In the zombie movie, this is when our heroes are throwing every piece of furniture at the intruders and grabbing the fire extinguisher off the wall.
Security experts sometimes wonder why internal IT teams aren’t keeping up on every single recommended data-protection tactic. The answer often comes down to resources and priorities. Security is vital, but so are development and modernization projects.
Find security in the cloud
At BitTitan we’ve seen how moving to the cloud frees up internal IT teams to focus more on improving employee and customer experiences, because they’re relying on the experts at their cloud provider to manage security. Cloud providers like Microsoft Azure are investing heavily in state-of-the-art physical and cyber security. They’re also implementing ongoing updates and performing continuous monitoring.
Unfortunately, the zombies aren’t going to go away – they’ll continue to test the fences of your on-premises servers. It’s time to get out of the house. With MigrationWiz you can migrate to the security of the cloud and let the Microsoft Azure experts take over the vigilance of watching your environment.