Exchange Servers Are Vulnerable - Learn How To Secure Your Email Server Now
- by Brittany Day

2020 and the first few months of 2021 have highlighted the vulnerability of Microsoft Exchange email servers, and the importance of securing Exchange with effective supplementary email protection.
As recently as March 2, 2021, Microsoft released emergency security updates to mitigate four security holes in Exchange Server versions 2013 through 2019 that multiple APT and cyber espionage units were actively exploiting to steal email communications and gain total, remote control over the systems of at least 30,000 organizations across the United States. This article will provide tips and advice for securing your Exchange server to protect critical data and confidential business information in this heightened digital threat environment.
Exchange Risk is Greater than Ever
The Exchange flaws that surfaced earlier this month are not the first indication of Exchange vulnerability, but rather the latest addition to the platform’s troubling security record. In February of 2020, Microsoft issued a patch for a critical security vulnerability impacting numerous versions of Exchange dating back to 2010, which could be exploited by malicious actors to hijack infected systems.
Just two months later, researchers revealed that threat actors had begun to actively exploit this flaw, which remained unpatched on approximately 350,000 Exchange servers exposed to the Internet at the time. Since then, Microsoft has identified a significant uptick in malicious activity targeting Exchange servers. The majority of these attacks leverage advanced fileless techniques that abuse legitimate, trusted tools and programs to evade detection.
Trend in attacks targeting Exchange servers since April 2020 (Source: Microsoft)
Anatomy of an Exchange Attack
So how exactly do these advanced attacks work? What methods are malicious actors employing to compromise Exchange servers without users’ knowledge? The first step in defending against a threat is understanding the threat itself - so we’re about to break it down for you.
Once a cyber criminal gains access to a vulnerable Exchange server, he or she deploys malicious code into one of the web-accessible paths on the server. This enables threat actors to steal data and perform other malicious actions to further compromise the target system.
At this point in the attack, the malicious hackers run exploratory commands and identify targets. They collect a list of all the Exchange Servers on the network, along with details about individual mailboxes, such as role assignments and permissions. The attackers even add a new account on the infected server to obtain administrative access. To remain undetected, cyber criminals will often disable Microsoft Defender Antivirus, as well as automatic updates that were previously enabled.
Steps in an Exchange Attack (Source: Microsoft)
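The three attacker steps described above (a script dropped into a web-accessible path, a new account promoted to administrator, and Defender or automatic updates switched off) each leave a trace in standard Windows logs. The following is an added example, not code from the article or from Microsoft, that correlates those traces into findings a SOC could alert on. It assumes events have already been normalised into dicts by a SIEM or log forwarder (the `source`/`id` schema, the `C:\inetpub\wwwroot` web root and every account name are constructed for the example); the event IDs used are real: Sysmon 11 (file create), Security 4720 (account created) and 4732 (member added to local group), Defender operational 5001 (real-time protection disabled) and System 7040 (service start type changed).

```python
from datetime import datetime, timedelta

# Assumptions for this example: the IIS web root below is the web-accessible
# path being watched, and events arrive already normalised into dicts with a
# "source" (which log) and "id" (Windows event ID) field.
WEB_ROOTS = (r"c:\inetpub\wwwroot",)
SCRIPT_EXTS = (".aspx", ".ashx", ".asmx")
ADMIN_GROUPS = {"administrators"}
CORRELATION_WINDOW = timedelta(hours=1)   # 4720 -> 4732 must land within this

# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    # Step 1: a server-side script appears under the web root (Sysmon ID 11, FileCreate)
    {"time": "2021-03-03T02:14:05", "source": "Sysmon", "id": 11,
     "path": r"C:\inetpub\wwwroot\aspnet_client\help.aspx", "user": "NT AUTHORITY\\SYSTEM"},
    # Step 2: a new local account is created (Security 4720) and promoted (Security 4732)
    {"time": "2021-03-03T02:20:40", "source": "Security", "id": 4720,
     "account": "svc_backup2", "user": "CORP\\exadmin"},
    {"time": "2021-03-03T02:21:02", "source": "Security", "id": 4732,
     "account": "svc_backup2", "group": "Administrators", "user": "CORP\\exadmin"},
    # Step 3: defences are switched off (Defender operational 5001, SCM 7040 on wuauserv)
    {"time": "2021-03-03T02:25:11", "source": "Defender", "id": 5001, "user": "CORP\\exadmin"},
    {"time": "2021-03-03T02:26:30", "source": "System", "id": 7040,
     "service": "wuauserv", "new_start": "disabled", "user": "CORP\\exadmin"},
    # Benign noise that must not fire: an ordinary user created and never elevated,
    # and a static image written under the web root.
    {"time": "2021-03-03T09:00:00", "source": "Security", "id": 4720,
     "account": "jsmith", "user": "CORP\\helpdesk"},
    {"time": "2021-03-03T09:05:00", "source": "Sysmon", "id": 11,
     "path": r"C:\inetpub\wwwroot\owa\logo.png", "user": "NT AUTHORITY\\SYSTEM"},
]


def _ts(ev):
    return datetime.fromisoformat(ev["time"])


def web_script_drops(events):
    """Executable server-side scripts created under a web-accessible path."""
    hits = []
    for ev in events:
        if ev["source"] == "Sysmon" and ev["id"] == 11:
            p = ev["path"].lower()
            if p.startswith(WEB_ROOTS) and p.endswith(SCRIPT_EXTS):
                hits.append({"time": ev["time"],
                             "finding": "script written to web-accessible path",
                             "detail": ev["path"]})
    return hits


def new_admin_accounts(events):
    """An account created and then added to an admin group shortly afterwards."""
    created, hits = {}, []
    for ev in sorted(events, key=_ts):
        if ev["source"] != "Security":
            continue
        if ev["id"] == 4720:
            created[ev["account"].lower()] = _ts(ev)
        elif ev["id"] == 4732 and ev["group"].lower() in ADMIN_GROUPS:
            t0 = created.get(ev["account"].lower())
            if t0 is not None and _ts(ev) - t0 <= CORRELATION_WINDOW:
                hits.append({"time": ev["time"],
                             "finding": "new account added to admin group",
                             "detail": f"{ev['account']} -> {ev['group']}"})
    return hits


def defense_tampering(events):
    """Defender real-time protection or the Windows Update service turned off."""
    hits = []
    for ev in events:
        if ev["source"] == "Defender" and ev["id"] == 5001:
            hits.append({"time": ev["time"],
                         "finding": "Defender real-time protection disabled",
                         "detail": ev["user"]})
        elif (ev["source"] == "System" and ev["id"] == 7040
              and ev.get("service", "").lower() == "wuauserv"
              and ev.get("new_start", "").lower() == "disabled"):
            hits.append({"time": ev["time"],
                         "finding": "automatic updates service disabled",
                         "detail": ev["user"]})
    return hits


def triage(events):
    """All findings in time order, so the attack chain reads top to bottom."""
    findings = web_script_drops(events) + new_admin_accounts(events) + defense_tampering(events)
    return sorted(findings, key=lambda f: f["time"])


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f["time"], f["finding"], "-", f["detail"])
```

Run stand-alone it prints the four findings in the order the attack unfolded; the two noise events are filtered out because the image is not a script and `jsmith` is never promoted. In production the same three checks map onto file-integrity monitoring of the web root, a correlation rule on 4720/4732, and alerts on 5001/7040, which is what the "investigate all alerts" advice below depends on.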
Tips & Advice for Securing Exchange Email Servers
Here are some other tips for securing your Exchange server against emerging exploits:
- Patch your system immediately and leave antivirus enabled on your server.
- Pay attention to and investigate all alerts indicating suspicious activity on your server.
- Restrict access to only those who truly need it and frequently review high-profile groups for suspicious activity.
- Closely monitor service account-based applications. Become familiar with the normal usage patterns of these accounts and restrict log-on times to help anomalous behavior stand out.
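The last two tips, reviewing high-privilege groups against what is expected and checking service-account logons against their normal pattern, are mechanical enough to script. Below is an added example (not code from the article) that does both over constructed data: a per-account baseline of permitted logon hours, source hosts and Windows logon types is compared with sample 4624 (successful logon) events, and the current membership of the local Administrators group is diffed against an approved list. The baseline values, host names and account names are all assumptions for the example; the logon type numbers are real (3 network, 5 service, 2 and 10 interactive and RDP).

```python
from datetime import datetime

# Assumed baseline maintained by the defender: when each service account is
# expected to log on, from which hosts, and with which Windows logon types.
# Logon type 3 is network and 5 is service start; 2 (interactive) and 10 (RDP)
# are types a service account should never use.
SERVICE_ACCOUNT_BASELINE = {
    "svc_backup": {"hours": (22, 4),            # 22:00 to 04:00, wraps midnight
                   "hosts": {"EXCH01", "BACKUP01"},
                   "logon_types": {3, 5}},
}
APPROVED_LOCAL_ADMINS = {"CORP\\exadmin", "CORP\\sec-ops"}

# Constructed sample 4624 events, not real telemetry.
SAMPLE_LOGONS = [
    {"time": "2021-03-04T23:10:00", "account": "svc_backup", "host": "BACKUP01", "logon_type": 5},
    {"time": "2021-03-05T13:45:12", "account": "svc_backup", "host": "EXCH01", "logon_type": 3},
    {"time": "2021-03-06T02:30:45", "account": "svc_backup", "host": "WKSTN-77", "logon_type": 10},
    {"time": "2021-03-06T01:00:00", "account": "svc_backup", "host": "EXCH01", "logon_type": 3},
    # Not a service account in the baseline, so it is ignored by the audit.
    {"time": "2021-03-06T08:00:00", "account": "jsmith", "host": "WKSTN-12", "logon_type": 2},
]


def in_window(hour, window):
    """True if hour falls inside [start, end); handles windows that wrap midnight."""
    start, end = window
    if start <= end:
        return start <= hour < end
    return hour >= start or hour < end


def audit_service_logons(events, baseline=SERVICE_ACCOUNT_BASELINE):
    """Flag service-account logons that deviate from the baseline, with reasons."""
    findings = []
    for ev in events:
        rules = baseline.get(ev["account"].lower())
        if rules is None:
            continue
        reasons = []
        hour = datetime.fromisoformat(ev["time"]).hour
        if not in_window(hour, rules["hours"]):
            reasons.append("outside permitted logon hours")
        if ev["host"].upper() not in rules["hosts"]:
            reasons.append("unexpected source host")
        if ev["logon_type"] not in rules["logon_types"]:
            reasons.append(f"unexpected logon type {ev['logon_type']}")
        if reasons:
            findings.append({"time": ev["time"], "account": ev["account"], "reasons": reasons})
    return findings


def review_group_membership(group, current_members, approved):
    """Members of a high-privilege group that are not on the approved list."""
    unexpected = sorted(set(current_members) - set(approved))
    return [{"group": group, "member": m} for m in unexpected]


if __name__ == "__main__":
    for f in audit_service_logons(SAMPLE_LOGONS):
        print(f["time"], f["account"], "; ".join(f["reasons"]))
    # Constructed current membership, as a periodic review would collect it.
    current = ["CORP\\exadmin", "CORP\\sec-ops", "EXCH01\\svc_backup2"]
    for f in review_group_membership("Administrators", current, APPROVED_LOCAL_ADMINS):
        print("unexpected member of", f["group"] + ":", f["member"])
```

Two of the four `svc_backup` logons are flagged: the daytime one for its hour, and the one from an unknown workstation over RDP for both host and logon type. The point of a tight baseline is exactly that a compromised service account cannot be used quietly outside its narrow, documented pattern; the group review catches the newly created `svc_backup2` account that an attacker might have added.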
Investing in fully managed supplementary protection can further enhance security in Exchange. The team of security experts you partner with should be able to assist you in configuring Exchange properly and securely, and in ensuring that the additional security defenses you deploy are working optimally to safeguard Exchange against vulnerabilities and attacks.