This week it is bad news for people running in-house, Internet-facing Exchange servers, which are being actively exploited by nation-state actors to facilitate the theft of intellectual property and other data from seemingly specific verticals, including infectious disease researchers, higher education institutions, defence contractors, policy think tanks and NGOs.
Microsoft’s announcement and out-of-band patches pinned the activity to Chinese (Surprise!) state outfit HAFNIUM, which appears to be using not one, not two but four zero-day exploits to facilitate the data theft and long-term infiltration of the target.
Hot on the heels of the massive SolarWinds job, either these people do not sleep, or there are an awful lot of them (see our previous post) with a huge arsenal of magic tricks. It now appears that a Massive Attack is underway and of course the vulnerable need some Protection.
This issue is so serious that, along with warnings from cyber outfits ESET and Huntress confirming mass infection, with rogue shells identified on over 350 servers and counting, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive.
Do read the directive, it is fairly scary and if you have Internet-facing Exchange servers (that you know about, see below), get patching in the ‘now’ timeframe!
The scale (in this and many other cases, C#) of these attacks can only be achieved using highly planned, highly automated scanning, testing and infiltration.
If you were to think that a manual process (you know ITILtastic: raise a ticket, make a call, get on a bridge, maybe two bridges; one for techs, one for more important types, work the issue after emergency change control etc.) will succeed in thwarting today’s adversary, you might want to put your future in the hands of higher powers, astrology or if you are totally bonkers, sorry – relentlessly optimistic, apply for this job (see paragraph one).
Having built and managed many traditional Secure Operation Centres from the ground up – technology, people, processes, even customers, Tiberium has designed and built a highly automated managed security service which is easily deployed (think hours rather than months), shows value in a day, automates protection and drives security improvements for your business through constant measurement and reporting.
Tiberium also assists with identifying vulnerable systems (think Internet-facing!) that you may not even know you had or have overlooked since Dave left, and enables prioritised remediation.
Tiberium deployed detection for the Exchange attack pretty much as soon as the balloon went up, protecting our customers in real-time.
We would very much like the opportunity to show you our wares. Please get in touch with us here.
Eagle-eyed readers will have noticed that even though this blog is about Exchange, the title is a bit of an Outlook gag. That is because the song Look Out (James Vincent McMorrow) has the following pertinent lyric:
Cause I was looking, now we’re peeking over, I was looking
And the song Exchange (Bryson Tiller) is deffo Not Safe For Work.
Have a good weekend.