Tenfold increase in incident response operations at SECUINFRA due to Exchange vulnerability

According to the Federal Office for Information Security (BSI), by the time Microsoft officially announced the Exchange vulnerability on March 3, 2021, it was already being exploited by APT groups like Hafnium, LuckyMouse, and Calypso (BSI, 2021).

The announcement of the vulnerability can, with little exaggeration, be compared to the triggering of an avalanche. Since then, APT groups around the world have been working 24/7 to write exploits, incorporate the vulnerability into their tools, and attack every vulnerable Exchange server. It’s not just about stealing emails and contact information. For some time, hackers have been attempting to penetrate companies, capture domain controllers (AD), steal additional data, and plant malicious code and back doors in company infrastructure as long-term entrenchment.

This is only the third time since the BSI was founded that it has declared the highest security warning level. It’s more than justified. According to the President of the BSI, Arne Schönbohm, since the security gap was found, “roughly 65,000 vulnerable servers belonging to businesses, authorities, and other institutions in Germany have been identified. Hackers who manage to take over Exchange can also easily penetrate into other internal IT systems. The threat represented by the current vulnerability goes far beyond Exchange.” (Kuhn, 2021)

Since the vulnerability was discovered, SECUINFRA has registered a tenfold increase in digital forensics and incident response (DFIR) operations. Based on our operations, we can confirm the BSI President’s appraisal. It’s no longer only about Exchange. Anyone who is affected and doesn’t act now is being grossly negligent and risking their company’s integrity.

According to the BSI President, after security updates are installed, “the entire IT systems needs to be checked and cleared of any form of hacker activity” (Kuhn, 2021).

SECUINFRA is ready for this with its Compromise Assessment service. These are routine operations for our cyber defense experts. For our customers, the key issue is answering the urgent question: “Have other systems aside from the Exchange server been compromised?” SECUINFRA’s cyber defense experts can answer this question quickly and precisely.

CONTACT US

 

BSI, 2021         Federal Office for Information Security (March 14, 2021), Microsoft Exchange Vulnerabilities,

https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Cyber-Sicherheit/Vorfaelle/Exchange-Schwachstellen-2021/MSExchange_Schwachstelle_Detektion_Reaktion.pdf?__blob=publicationFile&v=3

Kuhn, 2021     Kuhn, T. (March 14, 2021), Die Bedrohung reicht weit über Microsoft Exchange hinaus (“The threat goes far beyond Microsoft Exchange”), WirtschaftsWoche,

https://www.wiwo.de/technologie/digitale-welt/cybersicherheit-die-bedrohung-reicht-weit-ueber-microsoft-exchange-hinaus/26996784.html