2021 Microsoft Exchange VulnerabilitiesExecutive SummaryIn March 2021 there is a worldwide crisis as thousands of email systems have been compromised by hackers exploiting a vulnerability in certain software. This presents security risks even for organisations which are not directly vulnerable or affected. DiscussionIn early March 2021, Microsoft issued updates for various versions of its enterprise email system, Exchange Server. The updates fixed security vulnerabilities which give rise to a very easily-exploited compromise and intrusion of the servers they are hosted on. It is a very significant issue, and as of mid-March, many servers around the world remain unpatched and/or compromised. No Cadzow TECH clients are directly susceptible to this vulnerability as most use Exchange Online in Office 365 (which is not affected). (Clients who were previously using on-premises editions of Exchange Server systems have been migrated to Office 365.) However, despite not falling victim to the vulnerability, the problem may affect businesses indirectly. If your business has suppliers or customers with an unpatched or compromised Exchange Server, this can result in a number of issues for your business: - If a supplier's server is subject to a ransomware attack, that may disrupt the supply chain while they rebuild their systems;
- If a customer's server is subject to a ransomware attack, this may affect their ability to pay your invoices; and
- If a supplier's email server is compromised, an attacker may send emails to you with various scams such as fake invoices or fake bank accounts to pay into — and these emails will be legitimate, having originated from the victim's actual server.
As of mid-March reports of compromise seem to be mostly ransomware attacks. However, the possibility of increased incidence of fake invoice scams is very real. Organisations should treat all incoming invoices with increased scrutiny. For a recent example of this scam, see https://www.abc.net.au/news/2021-03-17/aged-care-resident-scammed-out-of-bond-in-375000-email-hack/13226362. In particular, requests to change the bank/EFT details of existing suppliers/employees or new suppliers should be validated by telephone. Email requests to update banking details should be regarded as highly suspicious. Action- Verify all requests to use different EFT details from suppliers/employees.
- Check with major suppliers they have remediated the problem if affected.
Do not hesitate to contact Cadzow TECH with any queries. |