On-premises Exchange Server: Protection against recent attacks 

Since the beginning of March 2021, the On-premises Exchange Server has been a target for cyberattacks. It all started as a nation-state attack by HAFNIUM, but now, other cybercriminal organizations are taking advantage of it too. 

In the past few weeks, these attacks have increased. While Microsoft and partners are constantly working to bring completely secure services, this atypical situation requires elevated attention. 

‘’This is now what we consider a broad attack, and the severity of these exploits means protecting your systems is critical’’ – Microsoft Security Team 

The type of email server that is targeted by these attacks is commonly used among small and medium-sized businesses. So, what’s Microsoft doing to keep companies safe?

  1. Regular software security updates, for the latest versions of Exchange Server. 
  2. Automatic On-Premises Exchange Server mitigation in Microsoft Defender Antivirus. 
  3. Specific updates for older, out-of-support software. 

What can you do to protect your company? 

Step 1. Apply all relevant security updates to every system 

Even if you have automatic updates activated, it’s important to find the version of Exchange Server your company uses, and actively monitor if there are updates that have not been installed. 

This action will protect your server from known attacks, and it’ll give you time to update to a fully secure, newly released version. 

Step 2. Identify if any system has been compromised 

Microsoft has provided us with steps and tools, to make this step easier and efficient. These include A latest version of Microsoft Safety scanner, and an in-time-updated list of indicators of compromise 

If there’s a system that has been compromised, remove it from your network.  

Here’s a demonstration of the progress of the situation, so far: 

On-premises Exchange Server Attacks

Source: Microsoft Security Blog & RiskIQ

Microsoft is actively monitoring the situation, as well as working on solutions and prevention. If you want to read more details about these attacks and the actions that are being taken, click here. 

If you have any questions about how we can help improve your company’s security, contact us. 


You might also like: