What is a Zero-Day threat?
It may seem alarming but every day dozens of new Zero-Day threats emerge that target software.
Therefore, your business will be at risk if:
- You do not have a suitable advanced threat prevention system; and
- You fail to apply software patches as soon as they become available
If you are operating a 2010, 2013, 2016 and 2019 on-premises Microsoft Exchange Server, you will also want to make sure the latest Zero-Day patches have been applied.
Earlier this year, Microsoft Exchange Server customers were exposed to four vulnerabilities (CVE-2021-26858, CVE-2021-26857, CVE-2021-27065 and CVE-2021-26855). Each of these allows hackers to take control of an impacted system, access business data and install malware.
Specifically speaking, they enable hackers to:
- Authenticate as the Exchange Server (potentially putting your entire system at risk)
- Run code on your Exchange Server
- Write a file to any path on the server
- Send arbitrary HTTP requests
Essentially, hackers access servers, email accounts and install malicious malware with the intention of having long-term access to a business environment. Once they’ve accessed your environment, they create web shells to steal data.
Some threats have also led to ransomware attacks. This is where the hacker holds your entire system to ransom in exchange for money.
Other Zero-Day threats have seen employee email addresses being used to redirect financial transactions. Exposure to email and offline Exchange address books can also result in spam and phishing campaigns. In this scenario, your customers and contacts may well end up being the target.
Could my business already be affected?
In short, the answer is yes. The vulnerabilities seen in February and March were largely targeted at research institutions. However, Microsoft announced that it expects to see more linked threats, including ransomware attacks.
If you are not defending your perimeter and you are not routinely addressing software vulnerabilities, you are at risk.
What can I do to protect my business?
If you use on-premises Microsoft Exchange Servers, it’s a good idea to assume that you have been affected and start checking and updating now.
To protect your data, network and applications, you’ll need an advanced threat prevention solution that can test untrusted files, links, and emails before they reach your network.
If you’re already aware of the business benefits of moving to the cloud, now may also be a good time to do so since most vulnerabilities and patches are taken care of at source.