The White House released a warning about the recently discovered Microsoft Exchange vulnerabilities. This is just the latest concern about cyberattacks crippling businesses and organizations worldwide. We first explored the Exchange problems on March 6, noting then that governmental agencies were closely monitoring the circumstances.
RELATED: Chinese Hackers use 4 Zero-Day Exploits on Microsoft Exchange Servers Currently, the situation is critical, with officials cautioning that organizations have “hours, not days” to update Exchange. While no covered entities (CEs) are reported affected, such attacks should not be taken lightly by the healthcare industry. Cybersecurity is more essential than ever.
The Microsoft Exchange vulnerabilities
Microsoft first became aware of the four zero-day vulnerabilities, used as part of an attack chain, in January:
These four flaws allow hackers to access Microsoft email and calendar services. The vulnerabilities are found in Exchange Server versions 2013, 2016, and 2019. Exchange Server 2010 and Exchange Online remain unaffected. Microsoft named the originating threat group Hafnium, which is a state-sponsored advanced persistent threat (APT) operating out of China. Those breached include governmental agencies, think tanks, academic institutions, infectious disease researchers, and other businesses such as law firms and defense contractors. There is no evidence at this time that attackers target individuals. Although Microsoft released patches on March 2, not all users have updated, leaving them susceptible. Even more so as other threat actors have joined Hafnium in taking advantage of the problem. Research shows that at least 10 other APT groups are connected, including LuckyMouse, Tick, Winnti Group, and Calypso.
White House involvement
Over the past year, researchers have seen a rapid increase in data breaches. In fact, many threat actors are even using the current pandemic to exploit and steal data through cyberattacks, attacking critical healthcare and governmental agencies at a time when people are concerned with vaccinations and economic stimulation.
RELATED: The SolarWinds Hack Hits Home
The Exchange attacks even finds the government, for the first time, inviting members of the private sector to participate in a multi-agency task force. Unfortunately, the increased pace of Exchange attacks is not the only worry; researchers warn that attackers are also deploying ransomware.
RELATED: The Costs of Ransomware Attacks One victim even stated its attackers used display name spoofing.
Imagine how simple it would be for cyberattackers to install malware or snoop once they gain access. It is easy to see why the White House is worried and why organizations must patch vulnerabilities as soon as possible.
Patching as a safeguard
Security experts at Palo Alto Networks estimate that there are still over 125,000 unpatched Exchange servers worldwide. There is no consensus as to why organizations aren’t applying the updates, though statistics show that most organizations do not employ patches when they are first released. The White House notes that there are even “significant gaps in modernization and in technology of cybersecurity across the federal government.” While patching seems simple enough, the costs may sometimes outweigh the advantages. “Deploying patches,” CISA and FBI officials stated in a May 2020 alert, “often requires IT security professionals to balance the need to mitigate vulnerabilities with the need for keeping systems running and ensuring installed patches are compatible with other software.” At the same time, the costs of mitigating a breach may ultimately be higher. As we see with the Exchange vulnerabilities, threat actors can deploy ransomware to encrypt and/or steal data and extort payment. And when it comes to zero-day flaws, such as the four discussed here, the ramifications are huge, especially within the healthcare industry where outdated hardware and software are standard. IT professionals must make more of an effort to patch up flaws before an attack becomes time-consuming and costly.
RELATED: Exchange Server security patch warning: Apply now before more hackers exploit the vulnerabilities
HIPAA compliant email—another cybersecurity necessity
And because ransomware is now involved, CEs must utilize strong email security. Especially as phishing and ransomware attacks continue to dominate breach methods. Employing HIPAA compliant email with strong inbound email security is crucial to all cybersecurity programs. Paubox Email Suite Premium provides this needed protection and requires no change in email behavior. No extra logins, passwords, or portals. With our HITRUST CSF certified solution, all emails are encrypted directly from your existing email platform (such as Microsoft 365 and Google Workspace). Paubox Email Suite Premium also comes with ExecProtect, built to stop display name spoofing, and email data loss prevention, which stops employees from transmitting sensitive data outside the network. While not within the healthcare industry yet, the Microsoft Exchange vulnerabilities demonstrate that CEs must be proactive with their cyberhealth. As the White House warns, update and strengthen cybersecurity today.Subscribe to Paubox Weekly
Every Friday we'll bring you the most important news from Paubox. Our aim is to make you smarter, faster.