Responding to Reports of Widespread Chinese and Criminal Hacking of Microsoft Email Software

Intelligence reports from the Department of Homeland Security (DHS) and the White House are cautioning that cyber-attackers are exploiting a set of recently disclosed vulnerabilities in Microsoft Exchange, a widely used business service. The White House last week (www.cnn.com/2021/03/05/politics/white-house-warning-microsoft-hackers/index.html) underscored that the issues with Microsoft's email service are an active and significant threat that spans many sectors and companies, including small- and medium-sized businesses, universities and hospitals, as well as governments. The DHS Cybersecurity & Infrastructure Security Agency (CISA) has posted numerous alerts, including technical guidance on how to update and patch affected systems (available here: www.cisa.gov/ed2102).

Estimates are that more than 60,000 organizations are exposed and potentially compromised, a significant number for a vulnerability that was only recently disclosed. These numbers also suggest that attackers are moving at high speed to exploit the initial opening, possibly to insert the ability to return at a later time to steal data, undertake financial fraud or launch ransomware.

We recommend our friends and clients adopt a multi-track approach to respond if they are actively using Microsoft Exchange, or if they rely on third parties that do so. First, implement Microsoft's and CISA's patching and updating recommendations and test those corrections. Keep in mind that hackers are now extremely well informed about these vulnerabilities. Second, whether you have detected indicators of a potential intrusion or not, it is advisable to query further, and if you have an incident response plan, consider triggering it to review your current posture. The disclosed vulnerabilities could allow threat actors to establish a presence in your network that may persist months from now, even after your systems have been updated. Third, incidents like these, or the SolarWinds compromises attributed to Russia and disclosed earlier this year, are a good opportunity to review your incident response plans, data security risk assessments and third-party relationships. Our data security team can assist with those reviews and any response steps specific to the Microsoft Exchange compromises.

Ice Miller has extensive experience with cybersecurity requirements. Our team includes Guillermo Christensen, managing partner of the Firm's Washington DC office and a former CIA officer with almost 20 years of extensive national security experience in the intelligence community and incident response involving nation-state attacks on companies in the U.S. and internationally.

This publication is intended for general information purposes only and does not and is not intended to constitute legal advice. The reader should consult with legal counsel to determine how laws or decisions discussed herein apply to the reader's specific circumstances.
