Tenfold increase in incident response operations at SECUINFRA due to Exchange vulnerability

According to the Federal Office for Information Security (BSI), by the time Microsoft officially announced the Exchange vulnerability on March 3, 2021, it was already being exploited by APT groups like Hafnium, LuckyMouse, and Calypso (BSI, 2021).

The announcement of the vulnerability can, with little exaggeration, be compared to the triggering of an avalanche. Since then, APT groups around the world have been working 24/7 to write exploits, incorporate the vulnerability into their tools, and attack every vulnerable Exchange server. It's not just about stealing emails and contact information. For some time, hackers have been attempting to penetrate companies, capture domain controllers (AD), steal additional data, and plant malicious code and backdoors in company infrastructure to entrench themselves for the long term.

This is only the third time since the BSI was founded that it has declared the highest security warning level. It’s more than justified. According to the President of the BSI, Arne Schönbohm, since the security gap was found, “roughly 65,000 vulnerable servers belonging to businesses, authorities, and other institutions in Germany have been identified. Hackers who manage to take over Exchange can also easily penetrate into other internal IT systems. The threat represented by the current vulnerability goes far beyond Exchange.” (Kuhn, 2021)

Since the vulnerability was discovered, SECUINFRA has registered a tenfold increase in digital forensics and incident response (DFIR) operations. Based on our operations, we can confirm the BSI President’s appraisal. It’s no longer only about Exchange. Anyone who is affected and doesn’t act now is being grossly negligent and risking their company’s integrity.

According to the BSI President, after security updates are installed, “the entire IT system needs to be checked and cleared of any form of hacker activity” (Kuhn, 2021).

SECUINFRA is ready for this with its Compromise Assessment service. These are routine operations for our cyber defense experts. For our customers, the key issue is answering the urgent question: “Have other systems aside from the Exchange server been compromised?” SECUINFRA’s cyber defense experts can answer this question quickly and precisely.


BSI, 2021: Federal Office for Information Security (March 14, 2021), Microsoft Exchange Vulnerabilities, https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Cyber-Sicherheit/Vorfaelle/Exchange-Schwachstellen-2021/MSExchange_Schwachstelle_Detektion_Reaktion.pdf?__blob=publicationFile&v=3

Kuhn, 2021: Kuhn, T. (March 14, 2021), Die Bedrohung reicht weit über Microsoft Exchange hinaus (“The threat goes far beyond Microsoft Exchange”), WirtschaftsWoche, https://www.wiwo.de/technologie/digitale-welt/cybersicherheit-die-bedrohung-reicht-weit-ueber-microsoft-exchange-hinaus/26996784.html

Thomas Bode · Author

Marketing Manager

Thomas Bode is Marketing Manager at SECUINFRA. His professional roots are in the tourism industry, which is why he is responsible for planning and organizing corporate events at SECUINFRA, among other things. In doing so, his goal is not only to find unusual destinations and locations, but also to come up with activities that will be remembered by everyone and that will help the team to grow together. In addition to marketing-related tasks, Thomas is also responsible for SECUINFRA's social engagement. Thomas spends his free time either with his family or on the water rowing on the Kalksee.