Search
My account
Categories
 Naar overzicht
The Exchange Marauder hack could also have been prevented

The Exchange Marauder hack could also have been prevented

Thousands of organizations are potentially at risk due to vulnerabilities in Microsoft Exchange Servers. These vulnerabilities have been actively targeted by hackers until recently, making the servers particularly vulnerable.

On March 2, 2021, Microsoft therefore released a special patch. A notable update because it was not released on 'Patch Tuesday'. This says something about the urgency of this update.

The patch fixes several pain points that give hackers access to the place where the entire Exchange Server is installed on. This is very important, because thousands of companies use Exchange for their email and calendar hosting. Hackers have made good use of the security weaknesses in the Exchange servers and have stolen a lot of data. A very serious cyber security incident that quickly follows the at least as serious Solarwinds incident that took place in December 2020. In that case, too, hackers managed to detect vulnerabilities in the systems and get to sensitive data.

How it could even happen to Microsoft

Even the unapproachable Microsoft did not escape the large-scale break-in. Roughly estimated, almost twenty thousand companies ended up being affected. Hackers managed to discover zero-day vulnerabilities on Microsoft's servers, after which they were able to go undetected for a while by means of lateral movement attacks.

Cyber attack on tens of thousands of mail servers worldwide

‘It is probably the largest and most sophisticated attack ever’. These are the words of Brad Smit, president of Microsoft, about the Solarwinds hack last December. His company also bore the brunt of the intrusion of the cyber attack. But that even the U.S. software giant is proving not to be safe from outside intruders is evident just a few months later after the recent hack, called Exchange Marauder. The attack is causing a stir around the world. Hackers managed to exploit vulnerabilities in Microsoft Exchange servers in order to gain access to tens of thousands of email servers worldwide.

A Current Problem

Nothing that a simple update can't fix, right? But it's not that simple, observes the Dutch National Cyber Security Centre (NCSC). They therefore conclude that the consequences of the Microsoft Exchange vulnerabilities are significant. Also for Dutch organizations and companies. Data is stolen on a large scale, various backdoors are built in, mailboxes are offered on the black market and malware is installed. Even after an update of Microsoft Exchange, a large number of servers remain vulnerable, according to the NCSC. Malicious parties can still penetrate relatively easily and abuse the vulnerabilities.

Source: www.english.ncsc.nl/latest

Business intelligence and ransomware

In the time between a hack and installing the update with a fix, malicious parties may have already captured emails with (company) information for a long time. Or, perhaps more annoyingly, may have created the ability to remotely execute a ransomware attack on the system. Whereas the NCSC recommends to keep checking for new updates and scripts especially, Hart4Technology offers a more sustainable ánd efficient solution in the form of Safe-T’s Zero Trust Network solutions.

Safe-T's ZTNA could have prevented the Microsoft Exchange hack

The question of how such an attack could have been repelled is a logical one. The answer may be somewhat less obvious. Nevertheless, a so-called supply chain attack - an attack with the goal of penetrating the less secure elements within a supply chain - can indeed be prevented. With Safe-T's Zero Trust Network Access (ZTNA), for example. It provides a centralized MFA solution that easily fends off an attack.

This is how Safe-T SFA works

With Safe-T SFA (Secure File Access) you have the option to place files in isolation. Furthermore, it offers full access control for all users. This way you ensure that cybercriminals have no chance to steal your sensitive data. The chance that ransomware can be placed is also minimal thanks to the SMB protocol. This protocol - SMB stands for Server Message Block – and is also known by the name Common Internet File System. It is used to enable file exchange between multiple computers. With Safe-T SFA, you ensure that this protocol is not exposed, giving ransomware virtually no chance.

Safe-T's ZTNA could have prevented the Microsoft Exchange hack

The question of how such an attack could have been repelled is a logical one. The answer may be somewhat less obvious. Nevertheless, a so-called supply chain attack – an attack with the goal of penetrating the less secure elements within a supply chain - can indeed be prevented. With Safe-T's Zero Trust Network Access (ZTNA), for example. It provides a centralized MFA solution that easily fends off an attack.

This is how Safe-T SFA works

With Safe-T SFA (Secure File Access) you have the option to place files in isolation. Furthermore, it offers full access control for all users. This way you ensure that cybercriminals have no chance to steal your sensitive data. The chance that ransomware can be placed is also minimal thanks to the SMB protocol. This protocol - SMB stands for Server Message Block – and is also known by the name Common Internet File System. It is used to enable file exchange between multiple computers. With Safe-T SFA, you ensure that this protocol is not exposed, giving ransomware virtually no chance.

Safe-T provides a proactive solution against hackers

Safe-T offers zero trust users network. A simple but proactive cybersecurity solution that reduces your risk of falling prey to hackers. An attack like the one on the American software company Solarwinds, or like the Microsoft Exchange server hack? With Safe-T, you protect your organization very well against cyber-attacks.

Benefits of Safe-T Zone Zero
 

There are numerous benefits that make Safe-T stand out. For your convenience, we list them for you.

  • Safe-T provides protection in both zero-day attacks (ZoneZero SDP) and lateral movement (ZoneZero SDP and MFA) and ransomware attacks (Safe-T Secure File Access (SFA)
  • Safe-T is a very easy to monitor logs
  • It provides a simple solution to critical security issues
  • Everyone can work with Safe-T: no specific product knowledge is needed
  • You are no longer dependent on various software packages
  • Various options to add MFA to sources, webbased and non-webbased applications
  • No need to purchase new VPN’s. You can just keep using your existing VPN applications
  • This product could have prevented the Microsoft Exchange hack or Marauder hack
     

ZoneZero Safe-T security products

Prevent data theft and don't give cybercriminals a chance like they had with the Solarwinds and the Microsoft Exchange hack. Especially since the solution is incredibly simple én affordable. With the implementation of ZTNA (Zero Trust Network Access), the impact would never have been so great at these companies either. At Hart4Technology, we have écht heart for data security. That is precisely why we use Safe-T's security products. And that is exactly why we recommend you to do the same. You've come to the right place for ZoneZero Safe-T security products. Whether it's an organization that employs one or five hundred people: together we will protect your organization against the unwanted dangers from outside.