Microsoft Exchange Server Zero Day Exploits – A Foothold for Attackers
2021 started with a bang, a big one. On or about January 3rd (reports vary between the 3rd and the 6th as to the initial detection), Microsoft Exchange Servers were compromised by a Zero-day attack. It allowed attackers to quietly install a backdoor Trojan through Exchange’s Unified Messaging module, which stores emails, voicemails, faxes, calendars and contact lists from users’ mailboxes so they can be accessed from different systems, or even mobile devices. To date, hundreds of thousands of systems have been compromised.
Throughout February, the attack went on unabated, with attackers using mass scans to locate and infect vulnerable systems. As Microsoft raced to get a handle on the attack, systems worldwide were being infected en masse. Finally, toward the end of February, Microsoft came up with patches to fix four Zero-day flaws in Exchange and planned to push them out on its regular “Patch Tuesday,” the second Tuesday of the month, which Microsoft uses for its standard updates (March 9th in this case). But due to the severity and wildfire-like spread of the attack, it released the patches a week early, on March 2nd. By March 3rd, tens of thousands of systems were infected worldwide and thousands more were being compromised by the hour. The problem was so severe that even the White House National Security Advisor, Jake Sullivan, was tweeting about the importance of installing the March 2nd patch to inoculate organizations against these Zero-day attacks.
Unfortunately, not everyone installs updates right away, and there are still many, many vulnerable systems out there being scanned for and exploited by attackers, with at least 10 APTs (Advanced Persistent Threats) now in the wild leveraging those flaws for all sorts of other nefarious purposes as well. So GDF strenuously implores you:
***IF YOU STILL HAVE NOT DOWNLOADED AND INSTALLED THE MARCH 2nd PATCHES, DO IT RIGHT NOW!!!***
So what is a Zero-day attack?
Every threat to your computer security has to start somewhere. Unfortunately, most of us protect ourselves from cyber threats and intrusions with detection programs that analyze the digital footprint of a possible threat and match it against an internal database of threats that have been previously detected, reported and documented. That’s why we all have to go through those seemingly never-ending updates to our antivirus programs: that’s how the database is updated and the newest threats are added to the list of what the scanners look for. That inherent flaw in our scanners is what makes a Zero-day threat so dangerous. A Zero-day threat is pristine and undocumented. From the very first day a particular threat is deployed (Zero day) until that threat is noticed, reported, documented and added to the index, it is an unknown. As far as standard protection goes, unknown means invisible, and when it comes to cyber threats, invisible can definitely mean trouble.
How can GDF help?
GDF’s vulnerability assessments and penetration tests are designed to see where your cybersecurity posture stands right now. We will review policies and procedures to identify patch management issues, use threat signature databases updated to detect these latest threats during our testing, and test for existing intrusions/compromises. We can also help you in multiple ways from an Emergency Incident Response perspective, from helping you create, review and maintain an effective emergency response plan to getting boots on the ground to respond to your breach or intrusion, with our Emergency Response Teams strategically positioned around the country to give you unrivaled response times.
We even have remote options available, using agents which can be remotely deployed across tens of thousands of endpoints enterprise-wide in as little as two hours, with all the components being up and running within 24 hours. Once a threat is detected, the network is analyzed and the unique automated response and cross-system remediation capabilities spring into action, remediating the threat in real time. Your system will also be constantly monitored by a 24/7 SOC team and constantly updated with front-line security intelligence to ensure rapid response. For our vulnerability assessment and penetration testing clients, we also offer no-retainer SLAs (Service Level Agreements), so you can have GDF waiting in the wings to respond to your emergency without having to pay anything if no emergency incident occurs, since we will already be intimately familiar with your unique cybersecurity posture and requirements from our assessments and testing.
So call GDF at 1-800-868-8189 today, or fill out the form below and we’ll contact you, and let’s get started.