Vulnerabilities in Microsoft Exchange Server have a serious impact. Simple patching is not enough
Vulnerabilities in Microsoft Exchange Server have a serious impact. Simple patching is not enough

Unauthorized access to e-mail. Potential dangers of malicious code installation, data theft and misuse thereof with social engineering methods. Local companies and institutions are in serious danger connected to the massive attacks on systems using Microsoft Exchange Server. The latest large-scale incident revealed the fact that simple updating is not sufficient for the protection of the company's system.

The attack targeting one of the most common Microsoft software products used for e-mail exchange and resource sharing was most likely launched as early as the end of 2020. In the following months, before its discovery in March, hackers have silently attacked tens of thousands of servers around the globe. The Czech Republic and Slovakia did not escape these attacks either, as there were thousands of vulnerable servers in both countries.

A compromised e-mail server can serve the attackers as a springboard for attacking other systems in the organization, as well as those of its business partners, suppliers, or customers. Although updates are underway at present aiming at fixing the vulnerabilities, it cannot be ruled out that the hackers have created backdoors in the infected systems with an intention to use them for more future attacks.

As the experience of experts from the AEC company providing cyber protection to enterprises and institutions shows, attackers who have gained access to sensitive information will definitely try to effectively monetize the stolen data or misuse it for further attacks with social engineering methods.

Despite the timely installation of patches, no company can be sure that a number of confidential information such as contacts, addresses, employee names, invoices or contracts has not escaped from their systems together with the stolen e-mails. And this is also one of the reasons why cyber security experts continue to recommend the highest level of caution to be applied.

“If we cannot be sure whether the system was compromised or not, we have to assume that it was compromised,” comments Maroš Barabas, Head of Product Management in AEC and he adds: “Be prepared that attacks can be targeted not only at you, but also at all your partners, suppliers, or customers you are interacting with and that your confidential information and data can be misused to achieve it.”

The key issue with this type of compromise lies in the fact that the attacker knows perfectly well how the attacked company communicates with its surroundings due to possessing the stolen information. This allows him to follow with the communication in a proper manner and at the right time. For example with a fake e-mail written in a format identical to the correspondence which the infected company would normally exchange with its business partner, including the history of conversation.

However, there may be one tiny difference – for example in addition to the standard message attributes and the usual business information, the e-mail may also contain a little note: we are sending the requested invoice; however, we would like to notify you of a change in the account number. There is no way this e-mail can be recognized as a scam. The only way the company can be certain that it will not loose its money would be a proper check of such message by its duly informed employee.

“In this case, we recommend checking this information directly with the supplier by phone. But be sure not to call the number listed on the suspicious invoice, because the person on the other end of the line could easily be the attacker himself. Call only known numbers. And send the money only to accounts verified by a process not relying on e-mail communication,” says Maroš Barabas. He also said that companies can face these and similar practices by utilizing security awareness services. These include comprehensive employee trainings provided with the latest technologies and procedures, including testing. A specially trained worker could be exactly the decisive factor for ensuring the company’s cyber security.


Please see our website for more information.