2021 Microsoft Exchange Vulnerabilities

Executive Summary

In March 2021 there is a worldwide crisis, as thousands of email systems have been compromised by hackers exploiting a vulnerability in certain software. This presents security risks even for organisations which are not directly vulnerable or affected.

Discussion

In early March 2021, Microsoft issued updates for various versions of its enterprise email system, Exchange Server. The updates fixed security vulnerabilities that make it very easy to compromise and intrude into the servers the software is hosted on. It is a very significant issue, and as of mid-March, many servers around the world remain unpatched and/or compromised.

No Cadzow TECH clients are directly susceptible to this vulnerability, as most use Exchange Online in Office 365 (which is not affected). (Clients who were previously using on-premises editions of Exchange Server have been migrated to Office 365.)

However, even businesses that do not fall victim to the vulnerability may be affected indirectly. If your business has suppliers or customers with an unpatched or compromised Exchange Server, this can result in a number of issues for your business:
As of mid-March, reports of compromise seem to be mostly ransomware attacks. However, the possibility of an increased incidence of fake invoice scams is very real. Organisations should treat all incoming invoices with increased scrutiny. For a recent example of this scam, see https://www.abc.net.au/news/2021-03-17/aged-care-resident-scammed-out-of-bond-in-375000-email-hack/13226362.

In particular, requests to change the bank/EFT details of existing suppliers/employees or new suppliers should be validated by telephone. Email requests to update banking details should be regarded as highly suspicious.

Action
Do not hesitate to contact Cadzow TECH with any queries.