How to Protect Yourself Against Security Breach Sequels

If you are an Exchange Server admin, then you’re likely familiar with 2021’s infamous security breach. Even if you weren’t directly affected by the security breach, you probably know someone who was.

The January 2021 Server Breach

Exchange Servers around the world were attacked by a web shell that “tricked” them into requesting information, including PDFs, documents, and emails. This put millions of Microsoft Exchange users in vulnerable positions. If one good thing came out of this security breach, it was the realization that these types of backdoor breaches are becoming more common and that more measures need to be taken to enforce cybersecurity. Governments and military branches were targeted, along with healthcare services, schools, and small businesses. There were several culprits for these breaches, including Hafnium, Chinese government hackers that were affiliated with China’s Ministry of State Security, although China has denied any involvement.

No one wants a repeat of this notorious 2021 security breach. For this reason, system administrators have had to assess damage, patch, and stay on top of their on-premises Exchange Server programs like never before. There are several things you can do to keep your information and data safe.

Evaluate Your Exchange Server

Security patches only help moving forward; any damage done before updates have been applied may remain. Check out your system and process behaviors often to assess any red flags in Exchange application processes, like Command shells (cmd.exe) and PowerShell. Determine the health of your Exchange Server by running Microsoft Exchange Server Support Scripts. The Cybersecurity and Infrastructure Security Agency has also released information on how to assess and mitigate Microsoft Exchange Server vulnerabilities. Although Exchange 2010 was not vulnerable to this attack, Exchange Servers 2013, 2016, and 2019 were.

Update and Patch

Update all on-premises Exchange Servers with the “out-of-band” security updates, particularly those that are internet-facing. Microsoft has published a description of the security updates for Server versions, which is available on its website. Security updates should always be on your radar and they should be implemented as soon as they’re available.

Protect Against Further Zero-Day Vulnerabilities

Novel exploits are likely to be the modus operandi for breach sequels. These types of breaches are often not detectible with ordinary malware programs. Whitelisting is becoming a more popular option for security and denies execution permission to processes or applications that are not approved. There are no guarantees that they will ward off future attacks, but they can add another layer of protection against helper software executions that are often installed by hackers to gain access to a server. Another best practice to help mitigate further security breaches is hiring a penetration testing engineer to find the vulnerabilities in your company’s system.