Is your business at risk of a Zero-Day threat?

Back in February 2021, when most of the UK was still under the second lockdown, there was another threat brewing – a Microsoft Exchange Server Zero-Day threat.

If you’re a business that has an on-premises Microsoft Exchange Server and you haven’t heard of Zero-Day threats, this article is a must-read.

After all, while Microsoft released a new patch to address the Zero-Day exploits that emerged earlier this year, many businesses remain exposed.

What is a Zero-Day threat?

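A Zero-Day threat is an attack that exploits a software vulnerability before the vendor has released a fix for it. It may seem alarming, but every day dozens of new Zero-Day threats emerge that target software.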

Therefore, your business will be at risk if:

  • You do not have a suitable advanced threat prevention system; and
  • You fail to apply software patches as soon as they become available

If you are operating a 2010, 2013, 2016 or 2019 on-premises Microsoft Exchange Server, you will also want to make sure the latest Zero-Day patches have been applied.

Earlier this year, Microsoft Exchange Server customers were exposed to four vulnerabilities (CVE-2021-26858, CVE-2021-26857, CVE-2021-27065 and CVE-2021-26855). Each of these allows hackers to take control of an impacted system, access business data and install malware.

Specifically, they enable hackers to:

  • Authenticate as the Exchange Server (potentially putting your entire system at risk)
  • Run code on your Exchange Server
  • Write a file to any path on the server
  • Send arbitrary HTTP requests

Essentially, hackers access servers and email accounts and install malware with the intention of having long-term access to a business environment. Once they’ve accessed your environment, they create web shells to steal data.

Some threats have also led to ransomware attacks. This is where the hacker holds your entire system to ransom in exchange for money.

Other Zero-Day threats have seen employee email addresses being used to redirect financial transactions. Exposure to email and offline Exchange address books can also result in spam and phishing campaigns. In this scenario, your customers and contacts may well end up being the target.

Could my business already be affected?

In short, the answer is yes. The vulnerabilities seen in February and March were largely targeted at research institutions. However, Microsoft announced that it expects to see more linked threats, including ransomware attacks.

If you are not defending your perimeter and you are not routinely addressing software vulnerabilities, you are at risk.

What can I do to protect my business?

If you use on-premises Microsoft Exchange Servers, it’s a good idea to assume that you have been affected and start checking and updating now.

To protect your data, network and applications, you’ll need an advanced threat prevention solution that can test untrusted files, links, and emails before they reach your network.

If you’re already aware of the business benefits of moving to the cloud, now may also be a good time to do so since most vulnerabilities and patches are taken care of at source.

Let's Talk Zero-Day Threat

An Agile Technical Solutions IT health check can establish where your current Zero-Day (and other) vulnerabilities are and what can be done to resolve them. So please reach out to us, and we’d be only too happy to advise you.