A wave of attacks that have compromised hundreds of thousands of Microsoft Exchange Servers is causing organizations worldwide to rethink their email strategy. Many are likely to decide they no longer want the burden of managing and securing an on-premises solution.
Microsoft recently issued several security updates to address Exchange Server vulnerabilities that have been exploited in a series of cyberattacks and data breaches involving as many as 60,000 organizations since January. In addition to out-of-band emergency patches for Exchange Server 2013, 2016 and 2019, Microsoft even issued a patch for the older, unsupported Exchange Server 2010.
Cloud email services such as Exchange Online and Microsoft 365 are unaffected, however. That’s likely because of the layers of proactive security measures Microsoft provides as part of these services. Few organizations have the internal resources to match that level of protection for their on-prem email.
Security analysts and law enforcement officials say a Chinese hacking group known as Hafnium is behind the new attacks on Exchange Servers. In each attack, the hackers have installed a Web shell back door that they can access over the Internet from any browser. In addition to gaining full access to user emails and passwords on affected servers, attackers use the opening to gain administrator privileges on compromised servers.
Although Microsoft reports that more than 90 percent of vulnerable servers have been patched, the company also warns that patching “does not necessarily remove the access of the attacker.” Attackers achieve this persistence by using administrator privileges to create new user accounts and extract additional credentials.
It’s just the latest in a long line of security events affecting on-premises email systems. Microsoft acknowledges that on-premises Exchange servers are ideal targets for attackers looking to penetrate enterprise networks because “they provide a unique environment that could allow attackers to perform various tasks using the same built-in tools or scripts that admins use for maintenance.”
Although email has been an indispensable business tool for 50 years, it has also become a valuable tool for cybercriminals. Security experts are nearly unanimous in the opinion that email has become the No. 1 delivery mechanism for ransomware, malicious attachments, malicious URLs, viruses and phishing attacks.
What’s more, many organizations aren’t making much of an effort to update their email infrastructure. Exchange Server 2010 remains in use in many companies, even though mainstream support ended in January 2015.
The Cloud Advantage
Many organizations are looking to cloud-based hosted email platforms to boost security. Among other advantages, hosted solutions relieve you of the burden of managing the complex system of servers, storage, operating systems, mail clients and directories. There’s no need to keep up with patches and updates, or upgrade to a newer version when the existing platform is no longer supported.
Additionally, economies of scale allow cloud service providers to make significant investments in security features that in-house systems might lack. With multiple tenants, cloud providers will likely encrypt data at rest and have the strongest possible identity and authorization features and content filtering capabilities. Many providers will also offer security extras that can be licensed to amplify security based on specific user roles and departments.
RMM Solutions customers have taken advantage of our hosted email solutions to relieve their management and security burdens. With email hosted in our state-of-the-art data center, customers gain access to increased levels of protection with integrated antivirus, multifactor authentication, privileged access management and more. Contact us to learn more about how we can help you boost the security of your critical business communications.