Over the last few years, hacker groups as far away as China have penetrated Microsoft products, like its Exchange Servers, compromising sensitive business information. Learn the history of these targeted Microsoft cyberattacks so you can protect your business from being victimized.
How the Attack Began
2019/2020 SolarWinds Attack
Coordinated cyberattacks against Microsoft started back in December of 2020. The attack began with a breach of software vendor SolarWinds back in 2019. Hackers installed malware inside the Orion IT monitoring platform, a product Microsoft utilizes internally. SolarWinds finally patched the vulnerability in December of 2020, but the damage had already been done. Once inside Microsoft’s internal network, hackers were able to view code for Azure, Exchange, and Intune, solutions utilized by many businesses.
How Microsoft Cyberattacks Work
2021 Exchange Attack
Since January of 2021, on-premises Microsoft Exchange Servers have been under attack by Hafnium, a Chinese, state-sponsored hacker group. Hafnium exploited vulnerabilities in on-premises Exchange servers to access email accounts. In some instances, the group installed malware to create backdoors for long-term access to these environments.
Microsoft estimates that 30,000 Exchange servers in the United States and 250,000 globally have fallen victim to this attack. On March 12, the FBI started contacting private businesses to warn them that Microsoft cyberattacks may have compromised their Exchange servers.
Microsoft released patches on March 2 to fix the vulnerabilities on Exchange versions 2013 through 2019. Even though Exchange 2010 is no longer supported, Microsoft still released a patch for that software.
It’s important to note that the Microsoft patches do NOT remove any malicious software, backdoors, or accounts created by hackers on your server. Even if your server is patched, it can still be vulnerable to hacking if it was compromised before the patch was released.
What You Can Do to Protect Your Business
Installing the Microsoft patches for Exchange Servers should be your first priority. Patched servers may still be vulnerable to future attacks, so businesses should also install monitoring software to detect malicious software.
Microsoft cyberattacks and other types of threats can be overwhelming for a business owner. Cybersecurity is more essential than ever, and you must have an IT staff you can trust. The experts at TCI Technologies have the experience and technical knowledge to help protect your business from any cyberattack.
Contact our team to learn more.