"All hands to the pump" after Exchange vulnerabilities

Monday 15 March 2021

It was all hands on deck for a local IT firm, after "significant compromises" in the Microsoft Exchange email system caused a threat to Channel Island businesses.

Cyber attackers went after every Microsoft Exchange server on the internet last week after vulnerabilities were exposed in the software giant's email platform.

The patches released by Microsoft since are designed to tackle four severe vulnerabilities identified. These included server-side forgery, unsafe data deserialisation inside the Unified messaging service and the ability of an authorised exchange user to overwrite any existing file inside the system with their own data. 

Next Generation IT Director Jason Connolly said He said the technical team had worked 24/7 to update all of its local Microsoft-driven client systems within a few hours of the patch release to ensure they remain secure and protected in NGIT’s privately-run cloud.

"The news that there were significant compromises in the Exchange email system meant all hands to the pump as speed is key to ensure important data stays protected.

"Microsoft Exchange Server is an email inbox, calendar, scheduling and collaboration platform used by many businesses across the Islands. I am pleased that the swift actions taken by our technical engineers and consultants in implementing patches and working with clients has meant none experienced any issues.”

Tom Bale, Business Development and Technical Director at Logicalis in Guernsey, has also commented on the attack, which has left around 170,000 sites vulnerable. 

"While the attack may have started as an attempt to steal information from think tanks, higher education institutes, defence contractors, and infectious disease researchers in the USA, it has gone global. Organisations in the Channel Islands using Microsoft Exchange servers for emails are vulnerable.

Pictured: Tom Bale, Business Development and Technical Director at Logicalis in Guernsey.

“Unfortunately patching is too late if an organisation has already been compromised. You need to find out if your systems have been compromised and secure them appropriately. If these systems have been compromised, they need to be isolated, forensics applied and ultimately rebuilt. Being compromised is serious as data and credentials may have already been stolen.”

Software may have been compromised as early as January, with Microsoft warning of attacks to corporate and government servers and releasing updates earlier this month. The four vulnerabilities disclosed by Microsoft do not affect Exchange Online, the cloud-based service used in Office 365 Packages. However, hackers may use stolen data to craft targeted phishing attacks on any business or organisation. 

“Attacks such as this remind us all we are vulnerable, whatever the size or location of our business or organisation. In some ways, this may prompt more organisations to move to cloud-based email servers with automated security and identity management to make monitoring and maintenance more straightforward," said Mr Bale.

"Even if your organisation has not been affected, everyone needs to be aware of the increased risk of phishing attacks because of the potential of mass data breaches.”

Pictured top: NGIT Director Jason Connolly (Credit: Karl Taylor Photography)