Critical vulnerabilities were identified in early March in “Microsoft (MS) Exchange” e-mail servers, which are widely used in both the public and private sectors, informs “Cert.lv”.
The available emergency Microsoft updates protect servers from further attacks, but do not eliminate the threat if the attack occurred before the updates were installed. Due to the high activity of attackers before the updates were published, Cert.lv invites institutions and companies to check their MS Exchange servers. By March 15, 2021, Cert.lv had detected the presence of malware on at least ten MS Exchange servers in the public sector, but the estimated number of victims in the country could exceed 150 organizations in total.
In the event of a successful attack, there is a risk that attackers will not only gain employee e-mail access data, e-mail correspondence, and address book access, but may also go a step further and take actions that could compromise the entire enterprise network infrastructure.
All current on-premises versions of MS Exchange are affected. The attack targets the web components (OWA and ECP). In some cases, ransomware has also been found in the compromised infrastructure, which can paralyze the entire company or institution.
In some cases, servers have been compromised less than an hour before the updates were installed, so Cert.lv urges that all MS Exchange servers be considered compromised until the appropriate checks have been performed and have confirmed otherwise.
CERT.LV recommends using the following tools (both must be used):
“Cert.lv” emphasizes that installing the updates prevents compromise after installation, but does not undo a compromise that happened before the server software was updated. The checks should therefore be performed even if the updates were installed as soon as they were available.
“Cert.lv” invites all companies and institutions that use “MS Exchange” e-mail servers to take these risks seriously and perform the necessary checks. If an institution or company lacks the capacity or knowledge to perform these activities, “Cert.lv” recommends considering bringing in outside specialists.
“Cert.lv”, the information technology security incident prevention institution in Latvia, founded in 2006, is a structural unit of the “Institute of Mathematics and Informatics of the University of Latvia” (LU MII), which operates under the Ministry of Defense of the Republic of Latvia in accordance with the IT Security Act.