Data Offsite Backup and the Recent Microsoft Exchange Attack

What started as a report from Krebs on Security of at least “30,000 US organizations” hacked  has quickly morphed into what Bloomberg calls a “Global Crisis” with at least 60,000 hacked businesses. ZDNet reports “exploitation attempts on organizations doubling every two to three hours.” What really stands out about the ZDNet article is an estimate that “at least 125,000 servers remain unpatched worldwide.” Unpatched software is responsible for 20% to 40% of breaches, only surpassed by phishing and social engineering at 70% to 90%.”

Inaction Can Exacerbate the Problem

On March 2, 2021 The Exchange Team at Microsoft released the essential Exchange Server security updates (Click Here) urging users to patch immediately. It is noted that the flaws primarily impact internet facing users of Exchange Server 2013, 2016, and 2019. This was a quiet and long developing hack that escalated quickly into what MIT Technology chronicles as “escalating into a reckless hacking spree.” The Cyber Infrastructure and Infrastructure Security Agency (CISA) recommends: CISA is aware of widespread domestic and international exploitation of these vulnerabilities and strongly recommends organizations run the Test-ProxyLogon.ps1 script—as soon as possible—to help determine whether their systems are compromised. For additional information on the script, see Microsoft’s blog HAFNIUM targeting Exchange Servers with 0-day exploits. There is also a Microsoft authored script published on GitHub to address the known vulnerabilities. CIOs and IT managers, don’t wait for someone to assess later if you’re impacted, find out immediately and patch. Reducing the level of remediation required due to the Hafnium hack, or limiting even worse consequences to your business, depend upon your immediate actions.

Several Actions You Can Take Now

• Monitor and install updates and patches immediately upon recommendation/release
• If your IT team or business is under resourced to properly maintain a resident Exchange server, consider an “Exchange Online” service (unaffected by Hafnium hacks)
• Assure your network design considers and reduces the impact of any single hacked Exchange server
• Incorporate a compliant, secure, off-prem and automated offsite backup service to assure your email, data, and intellectual property is safe and instantly accessible.
• Consider implementing a Zero Trust security model. Treating all unauthenticated users as untrusted (giving birth to the Zero Trust motto: “trust no one, always verify”) can be especially pertinent to Exchange, permitting connections only to known and secure devices.

If you’re looking for the expertise and services to automate and enhance your strategy to backup data offsite and Disaster Recovery capabilities, or desire a comprehensive backup and recovery solution for Microsoft 365 in a simple “as a Service” package, Otava can help. Consider our secure, compliant cloud solutions managed by a team of experts trained in the latest security best practices. Call 877-740-5028 or contact us to learn more.

Related Information:

Do You Have the Right Levels of DR and Backup for each Workload?

An analysis of the value of each workload and its overall impact on the business, in the event of disruption or loss, is a critical precursor to determining the level of disaster recovery required.

Cloud Backup for Microsoft 365

According to Veeam research, a staggering 74 percent of Microsoft 365 users have no protection strategy – despite the fact that Microsoft 365 does not come with comprehensive or long-term backup.

Managed cloud backup

Otava Managed Cloud Backup powered by Veeam provides a fully integrated, fast, and secure way to backup your data to Otava’s powerful private cloud, complete with 24/7 world-class support management