The White House released a warning about the recently discovered Microsoft Exchange vulnerabilities. This is just the latest concern about cyberattacks crippling businesses and organizations worldwide. We first explored the Exchange problems on March 6, noting then that governmental agencies were closely monitoring the circumstances.
RELATED: Chinese Hackers use 4 Zero-Day Exploits on Microsoft Exchange Servers
Currently, the situation is critical, with officials cautioning that organizations have “hours, not days” to update Exchange. While no covered entities (CEs) are reported affected, such attacks should not be taken lightly by the healthcare industry. Cybersecurity is more essential than ever.
The Microsoft Exchange vulnerabilities
Microsoft first became aware of the four zero-day vulnerabilities, used as part of an attack chain, in January:
These four flaws allow hackers to access Microsoft email and calendar services. The vulnerabilities are found in Exchange Server versions 2013, 2016, and 2019. Exchange Server 2010 and Exchange Online remain unaffected.
Microsoft named the originating threat group Hafnium, which is a state-sponsored advanced persistent threat (APT) operating out of China. Those breached include governmental agencies, think tanks, academic institutions, infectious disease researchers, and other businesses such as law firms and defense contractors. There is no evidence at this time that attackers target individuals.
Although Microsoft released patches on March 2, not all users have updated, leaving them susceptible. The exposure is even greater now that other threat actors have joined Hafnium in taking advantage of the problem. Research shows that at least 10 other APT groups are connected, including LuckyMouse, Tick, Winnti Group, and Calypso.
White House involvement
Over the past year, researchers have seen a rapid increase in data breaches. In fact, many threat actors are even using the current pandemic to exploit and steal data through cyberattacks, attacking critical healthcare and governmental agencies at a time when people are concerned with vaccinations and economic stimulation.
RELATED: The SolarWinds Hack Hits Home
The Exchange attacks even find the government, for the first time, inviting members of the private sector to participate in a multi-agency task force. Unfortunately, the increased pace of Exchange attacks is not the only worry; researchers warn that attackers are also deploying ransomware.
Imagine how simple it would be for cyberattackers to install malware or snoop once they gain access. It is easy to see why the White House is worried and why organizations must patch vulnerabilities as soon as possible.
Patching as a safeguard
Security experts at Palo Alto Networks estimate that there are still over 125,000 unpatched Exchange servers worldwide. There is no consensus as to why organizations aren’t applying the updates, though statistics show that most organizations do not employ patches when they are first released. The White House notes that there are even “significant gaps in modernization and in technology of cybersecurity across the federal government.”
While patching seems simple enough, the costs may sometimes outweigh the advantages. “Deploying patches,” CISA and FBI officials stated in a May 2020 alert, “often requires IT security professionals to balance the need to mitigate vulnerabilities with the need for keeping systems running and ensuring installed patches are compatible with other software.”
At the same time, the costs of mitigating a breach may ultimately be higher. As we see with the Exchange vulnerabilities, threat actors can deploy ransomware to encrypt and/or steal data and extort payment. And when it comes to zero-day flaws, such as the four discussed here, the ramifications are huge, especially within the healthcare industry where outdated hardware and software are standard. IT professionals must make more of an effort to patch up flaws before an attack becomes time-consuming and costly.