At the start of March, Microsoft released a patch for several zero-day vulnerabilities being exploited to infiltrate Microsoft Exchange servers. However, almost a month later, attacks on Microsoft Exchange are still hitting the headlines. So what exactly is the full story so far, and how can businesses ensure they’re protected against these threats?

Zero-Day Bugs

Microsoft were made aware of four zero-day bugs in early January, with independent researchers reporting suspicious activity on Microsoft Exchange servers that suggested attackers were already taking advantage of the vulnerabilities.

On March 2nd Microsoft released a patch for these four vulnerabilities in the Exchange server software, stating that the bugs were being actively exploited in “limited, targeted attacks.” Because Microsoft Exchange is an email inbox, calendar and collaboration solution, any business compromised through these attacks could face significant damage due to the sensitive data stored within these areas.

According to researchers, as many as 100,000 organisations across the globe have potentially been infiltrated as a result of the Exchange vulnerabilities, although it’s likely that only a handful have actively had their data compromised.

Although this patch was released at the start of the month, it’s important to remember that this doesn’t necessarily remove the risk of additional networks being compromised, as not all organisations will install the patch immediately.

Ransomware Attacks

Microsoft Exchange servers compromised during the initial attack stage are now facing a secondary threat in the form of ransomware attacks. Security researchers first noticed signs of the ransomware, known as Black Kingdom, on the 21st of March, with ransom notes shared by some of the victims showing a consistent demand of $10,000 in bitcoin for the recovery of encrypted files.

[Image: The Black Kingdom ransom note]

So far Black Kingdom has reportedly infected companies in the UK, the US, Canada, France, Germany, Russia, Australia and more. While it remains unclear if this ransomware is impacting any of the successfully patched Exchange servers, experts claim that tens of thousands of servers remain unpatched, leaving them vulnerable to both stages of this attack.

Advice for Business Protection

Securing Against Software Vulnerability Exploits

Although companies can’t realistically protect themselves from zero-day exploits entirely, there are steps that you can take to reduce your likelihood of falling victim.

Barracuda WAF and WAF-as-a-Service can be configured to block scanning, and possibly exploit attempts, against a handful of Microsoft software applications, including Exchange.

Barracuda also offers a Vulnerability Scanner tool that allows businesses to identify and resolve vulnerabilities in their own websites and other public-facing applications before hackers can exploit them.

Beyond these solutions, the best steps businesses can take are to prepare an efficient incident response plan, allowing them to quickly deal with any existing threats and diminish further risks, and to stay up-to-date with the latest security news and software updates.

Securing Against Ransomware

Again, there is no guaranteed method for preventing ransomware attacks, but by following best practices you can both reduce your chances of falling victim to an attack and reduce the damage that successful hackers can cause.

There are a multitude of ways that hackers can infiltrate your systems to deploy ransomware, including of course software vulnerabilities, but also phishing attacks and network vulnerabilities. On top of the recommendations we listed for software applications, businesses should implement multi-layered email security and an antivirus firewall to cover all of these attack vectors.

However, one of the most effective steps you can take to protect your vital data from ransomware attackers is simply to back up everything. Most organisations already back up their data in some sense, but making sure this is done on a daily basis and that the backups are stored in the cloud will mean you have a safe copy that can’t be encrypted and used as leverage during the attack.

Barracuda Cloud-to-Cloud Backup is designed for SaaS environments, securing all of your Microsoft 365 data - including Exchange - with unlimited storage.