
Microsoft Exchange hack: FBI, CISA warn of follow-on ‘destructive’ attacks

March 11, 2021

A joint advisory from the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency warns of potential follow-on attacks to the recent hacking incident against vulnerable Microsoft Exchange email servers, Breaking Defense reported.

Noting that the number of Exchange hacks attempted and accomplished has not been decreasing, the agencies and security firms say more threat actors, ranging from cybercriminals to actors sanctioned by nation-states, are likely to attack the servers.

A recent report by security firm ESET identified “at least 10” threat actor organizations attacking Exchange servers with zero-day exploits and web shells. The advisory says the attacks could take the form of ransomware deployed by cybercriminals or more destructive actions such as data wiping, which are more likely to be performed by nation-states.

The advisory recommends an immediate forensic triage of all on-site Exchange servers to search for signs of compromise. Organizations with in-house forensic capabilities are advised to follow a step-by-step procedure supplied by the agency. Organizations without in-house forensics expertise that have discovered signs of compromise are advised to disconnect their on-premises Microsoft Exchange servers and inform the FBI or CISA.

Jill Aitoro

SC Media Editor in Chief Jill Aitoro has 20 years of experience editing and reporting on technology, business and policy. She also serves as editorial director at SC Media’s parent company, CyberRisk Alliance. Prior to joining CRA, she worked at Sightline Media as editor of Defense News and executive editor of the Business-to-Government Group. She previously worked at Washington Business Journal and Nextgov, covering federal technology, contracting and policy, as well as CMP Media’s VARBusiness and CRN and Penton Media’s iSeries News.
