Worried About the Microsoft On-Prem Exchange Hack?

Recently, Microsoft announced a number of security hacks to its on-prem Exchange server. The attacks were coordinated by a group Microsoft dubbed ‘Hafnium’, a group operating in China. While the exact amount of victims are unknown, many media outlets estimate the number to be around 250,000 globally.

The group targets a few specific industries, including defense contractors, law firms, higher education groups, researchers for infectious diseases, and policy think tanks, to steal data and information. Once they have this information, they use it to breach a user’s account database. Some sources have even reported the hackers utilizing malware for long-term server access.

Microsoft Corporate Vice President Tom Burt stated the breach occurs in multiple steps: “First, it would gain access to an Exchange Server either with stolen passwords or by using the previously undisclosed vulnerabilities to disguise itself as someone who should have access.” Once inside, hackers are able to control the server from a remote location and use that access to steal information.

While any type of security breach is cause for concern, CISA warns that if Hafnium has entered into a system, it’s only a matter of time before they have access to your entire network—the repercussions of which could be catastrophic.

JourneyTEAM’s Commitment to Keeping You Protected

After the attack occurred, Microsoft released a number of security patches for the 2019, 2016, 2013, and 2010 Exchange versions to help safeguard against the group. Microsoft stated: “Because we are aware of active exploits of related vulnerabilities in the wild (limited targeted attacks), our recommendation is to install these updates immediately.”

Despite the patches, Microsoft is urging users to be more diligent than ever in terms of security, stating: “Even though we’ve worked quickly to deploy an update for the Hafnium exploits, we know that many nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems.”

Hackers are notoriously sneaky. Any vulnerability in your system, they’re able to detect and hack into. Hafnium is just one example—there are hundreds if not thousands of other groups looking for a way in. So how do you safeguard your system? Where do you start? The answer: JourneyTEAM. Using a comprehensive Microsoft 365 health check and migrating your servers to the cloud, you’ll have the confidence that your system is secure.

Say Goodbye to Threats with a Microsoft 365 Health Check

Even if you’re fairly confident about the security of your system, gaps may exist that you’re unaware of. The risk is even higher if you’re running outdated software or programs, or you’re still using on-prem servers. Plus, you may not be aware that you are using legacy software until you’ve done a thorough review of your system.

At JourneyTEAM, we use our Microsoft 365 health checks to identify gaps and vulnerabilities in your system, ensure all data is safeguarded, and help you follow cybersecurity best-practices. Our test (a more than 100 page document) reviews your Office 365 and Azure AD settings, including:

• MFA enrollment and SSPR registration settings
• OneDrive settings
• How your identities are or are not secured
• Device and user settings
• Service and security settings for PowerApp, SharePoint, and Flow
• Group settings and group governance posture
• Exchange online service settings, which includes archive and retention policies

Getting routine system health checks helps to locate any potential weaknesses and enables you to fix them before an attack occurs. Additionally, any legacy software or outdated programs that are hiding in the far corners of your network are identified, which can be updated or retired. Ultimately, these health checks help you to feel at ease knowing your tenant and your system are safeguarded by the most recent software and security measurements.

Enjoy the Security of the Cloud

In the early days of the cloud, many were concerned that by moving to a remote server, data would be less secure. As new technology has emerged, the opposite has become true. Cloud data is, in many ways, more secure than on-prem servers. Microsoft, for example, has more security protocols with cloud servers, such as consistent and regular updates, built-in firewalls, patching to protect data, third-party testing, and data redundancy. Additionally, because cloud servers are stored in multiple locations, they’re harder for hackers to access. Data stored on the cloud is typically encrypted and has additional controls you can configure for protecting and preventing this data from getting into the wrong hands.

If you’re still using your on-prem server, it’s time to make the move to the cloud—especially if cybersecurity is a top concern for your business. When you do make the move, you’ll want to migrate to one of the most secure solutions available: Azure. Security is included in virtually every feature and is regularly updated to ensure your data is protected from new threats.

Using the Azure Security Centre, IT team’s are trained and informed on new security measures, reducing the chances of someone slipping into your system through a back door. Finally, Microsoft products like MFA, InTune, and Azure Active Directory all feature third-party validation to ensure only approved users can access data.

Cloud migration is far easier said than done. There’s no ‘one-size-fits-all’ strategy, which is why JourneyTEAM creates a cloud-first strategy that’s best for your organization. We’ve helped dozens of companies make the move—from initial strategy to moving entire data centers. JourneyTEAM has all the expertise and knowledge needed to ensure a successful transition.

NEXT STEPS:

1. Join a free consultation and ask all the questions you wish.

2. Plan your Deep Dive meeting – Get your organization’s Customized Solutions presentation.

______________________________________________________________________________

Article by:

Rhett Arave – Azure Team Member