{"id":14520,"date":"2021-03-16T21:05:48","date_gmt":"2021-03-16T20:05:48","guid":{"rendered":"https:\/\/www.secuinfra.com\/?p=14520"},"modified":"2021-03-16T21:05:48","modified_gmt":"2021-03-16T20:05:48","slug":"tenfold-increase-in-incident-response-operations-at-secuinfra-due-to-exchange-vulnerability","status":"publish","type":"post","link":"https:\/\/www.secuinfra.com\/en\/news\/tenfold-increase-in-incident-response-operations-at-secuinfra-due-to-exchange-vulnerability\/","title":{"rendered":"Tenfold increase in incident response operations at SECUINFRA due to Exchange vulnerability"},"content":{"rendered":"<p>According to the Federal Office for Information Security (BSI), by the time Microsoft officially announced the Exchange vulnerability on March 3, 2021, it was already being exploited by APT groups like Hafnium, LuckyMouse, and Calypso\u00a0(BSI, 2021).<\/p>\n<p>The announcement of the vulnerability can, with little exaggeration, be compared to the triggering of an avalanche. Since then, APT groups around the world have been working 24\/7 to write exploits, incorporate the vulnerability into their tools, and attack every vulnerable Exchange server. It\u2019s not just about stealing emails and contact information. For some time, hackers have been attempting to penetrate companies, capture domain controllers (AD), steal additional data, and plant malicious code and back doors in company infrastructure as long-term entrenchment.<\/p>\n<p>This is only the third time since the BSI was founded that it has declared the highest security warning level. It\u2019s more than justified. According to the President of the BSI, Arne Sch\u00f6nbohm, since the security gap was found, \u201croughly 65,000 vulnerable servers belonging to businesses, authorities, and other institutions in Germany have been identified. Hackers who manage to take over Exchange can also easily penetrate into other internal IT systems. 
The threat represented by the current vulnerability goes far beyond Exchange.\u201d (Kuhn, 2021)<\/p>\n<p>Since the vulnerability was discovered, SECUINFRA has registered a tenfold increase in digital forensics and incident response (DFIR) operations. Based on our operations, we can confirm the BSI President\u2019s appraisal. It\u2019s no longer only about Exchange. Anyone who is affected and doesn\u2019t act now is being grossly negligent and risking their company\u2019s integrity.<\/p>\n<p>According to the BSI President, after security updates are installed, \u201cthe entire IT system needs to be checked and cleared of any form of hacker activity\u201d (Kuhn, 2021).<\/p>\n<p>SECUINFRA is ready for this with its\u00a0<a href=\"https:\/\/www.secuinfra.com\/en\/services\/compromise-assessment\/\">Compromise Assessment<\/a> service. These are routine operations for our cyber defense experts. For our customers, the key issue is answering the urgent question: \u201cHave other systems aside from the Exchange server been compromised?\u201d SECUINFRA\u2019s cyber defense experts can answer this question quickly and precisely.<\/p>\n<p><a href=\"https:\/\/www.secuinfra.com\/en\/contact\/\">CONTACT US<\/a><\/p>\n<p>BSI, 2021: Federal Office for Information Security (March 14, 2021), Microsoft Exchange Vulnerabilities,<\/p>\n<p><a  href=\"https:\/\/www.bsi.bund.de\/SharedDocs\/Downloads\/DE\/BSI\/Cyber-Sicherheit\/Vorfaelle\/Exchange-Schwachstellen-2021\/MSExchange_Schwachstelle_Detektion_Reaktion.pdf?__blob=publicationFile&amp;v=3\"  dpc-external=\"true\"  target=\"_blank\"  rel=\"nofollow\" >https:\/\/www.bsi.bund.de\/SharedDocs\/Downloads\/DE\/BSI\/Cyber-Sicherheit\/Vorfaelle\/Exchange-Schwachstellen-2021\/MSExchange_Schwachstelle_Detektion_Reaktion.pdf?__blob=publicationFile&amp;v=3<\/a><\/p>\n<p>Kuhn, 2021: Kuhn, T. 
(March 14, 2021), Die Bedrohung reicht weit \u00fcber Microsoft Exchange hinaus (\u201cThe threat goes far beyond Microsoft Exchange\u201d), WirtschaftsWoche,<\/p>\n<p><a  href=\"https:\/\/www.wiwo.de\/technologie\/digitale-welt\/cybersicherheit-die-bedrohung-reicht-weit-ueber-microsoft-exchange-hinaus\/26996784.html\"  dpc-external=\"true\"  target=\"_blank\"  rel=\"nofollow\" >https:\/\/www.wiwo.de\/technologie\/digitale-welt\/cybersicherheit-die-bedrohung-reicht-weit-ueber-microsoft-exchange-hinaus\/26996784.html<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>According to the Federal Office for Information Security (BSI), by the time Microsoft officially announced the Exchange vulnerability on March 3, 2021, it was already being exploited by APT groups [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":14516,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[60],"tags":[],"dpc_coauthors":[],"class_list":["post-14520","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.secuinfra.com\/en\/wp-json\/wp\/v2\/posts\/14520","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.secuinfra.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.secuinfra.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.secuinfra.com\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.secuinfra.com\/en\/wp-json\/wp\/v2\/comments?post=14520"}],"version-history":[{"count":0,"href":"https:\/\/www.secuinfra.com\/en\/wp-json\/wp\/v2\/posts\/14520\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.secuinfra.com\/en\/wp-json\/wp\/v2\/media\/14516"}],"wp:attachment":[{"href":"https:\/\/www.secuinfra.com\/en\/wp-json\/wp\/v2\/media?parent=14520"}
],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.secuinfra.com\/en\/wp-json\/wp\/v2\/categories?post=14520"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.secuinfra.com\/en\/wp-json\/wp\/v2\/tags?post=14520"},{"taxonomy":"dpc_coauthors","embeddable":true,"href":"https:\/\/www.secuinfra.com\/en\/wp-json\/wp\/v2\/dpc_coauthors?post=14520"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}