
Microsoft Hack Draws New Attention to Nation-State Threats

March 11, 2021

Damage from this Microsoft Hack Could Linger for Businesses as the Fallout Drops

This week’s Microsoft hack landed third-party risk in the spotlight again after suspected nation-state hackers were able to exploit flaws in the code of on-premises Exchange server software to gain access to systems and data. The company reported the incident on their blog, stating “Today, we’re sharing information about a state-sponsored threat actor identified by the Microsoft Threat Intelligence Center (MSTIC) that we are calling Hafnium. Hafnium operates from China, and this is the first time we’re discussing its activity. It is a highly skilled and sophisticated actor.” 

Organizations around the world from huge government agencies to small businesses have been affected by this cybersecurity disaster. One of the first agencies to report that they’d been impacted was the European Banking Authority (EBA). EBA officials say that personal data may have been accessed from its servers, and that agency IT systems like its email system have been taken down temporarily for remediation. Norway’s parliament has also announced that sensitive data had been accessed and extracted there in a breach linked to the Microsoft flaws. 


While Microsoft has been strongly encouraging customers to transition their email to cloud-based technology, many companies and agencies still use physical email servers. Microsoft has now delivered patches that address the issue, but it will be too little, too late for myriad users. Plus, companies may be slow to implement updates due to the complexity of Exchange’s architecture. Worst of all, the newly created patches do not remove any backdoor access that cybercriminals have left behind on compromised machines.

Experts anticipate many more incidents like EBA’s experience will be announced in the next few weeks, and the full impact may not be felt for months or longer. The suspected Chinese threat actors could potentially have seeded hundreds of thousands of victim organizations with tools that give them complete remote control over systems, and likely had access to sensitive data for a month or more. An estimated 30,000 organizations in the United States and 60,000 systems in Germany, including a significant number of small businesses, towns, cities and local governments, are likely victims. 


Start Mitigating Risk from the Microsoft Hack Now

This is a disaster for many organizations, made even worse because it’s a disaster that they couldn’t prevent. Researchers have identified at least 10 hacking groups exploiting this flaw. Third-party and supply chain risk is a growing problem that businesses face in an increasingly hostile cybercrime landscape. As we become more interconnected through specialization and as more data makes its way to the dark web to fuel cyberattacks, this kind of risk will only amp up. If you’re looking at this flap and wondering how you can secure your company against third-party and supply chain risk, we’ve got a few tips in mind for boosting your security fast. 

Kaseya has two tools available for customers to assess their vulnerabilities and work to mitigate this issue.

  • Exchange Proxy Logon Vulnerability Test – This Kaseya-created procedure checks Exchange servers for the issues Microsoft identified as potential CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065 vulnerabilities and reports the results to the script log. If a potential vulnerability is identified, an alarm is generated for that agent.
  • Microsoft Exchange Hafnium Exploit Detection App – RocketCyber has created a dedicated app to detect indicators of compromise on Microsoft Exchange Server 2010, 2013, 2016 and 2019 associated with the exploitation of the following vulnerabilities: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065.

Learn How You Can Protect Your Business From Supply Chain Risk

Third-party and supply chain risk is steadily escalating, and we’ve got the data to prove it. We’ve just released an eBook that details the problem and winning strategies for securing your business and your data from third-party and supply chain risk. See statistics about the growing danger to businesses, examples of potentially risky scenarios and how to get ahead of the curve to keep your business secure when problems like this Microsoft hack land on your doorstep. Download “Breaking Up with Third-Party and Supply Chain Risk” now to get started.

Add One Simple Tool 

We say it often, but if you’re not already using multifactor authentication (MFA) with Passly, now is an excellent time to start. Multifactor authentication stops 99% of password-based cybercrime as well as providing protection against hacking, phishing, business email compromise and other cybersecurity nightmares. With Passly, you don’t just get MFA, you also get single sign-on, automated password resets, simple remote management and more secure identity and access management tools that give a big boost to your across-the-board security posture for one low price!

Build Your Organization’s Cyber Resilience to Stay Out of Trouble with These Resources

The Road to Cyber Resilience

These days, it’s not enough to simply endure and survive cybersecurity threats. Businesses must be able to remain agile in the face of trouble. That’s cyber resilience. There are going to be threats that you cannot avoid, like this Microsoft hack. Over 60% of businesses fold after a cyberattack. But by making sure that your business is cyber resilient, you also make sure that it’s ready to endure whatever comes your way and not just survive but thrive. Read “The Road to Cyber Resilience” for your roadmap.

Breaking Up with Third Party and Supply Chain Risk

Your business relationships can bring you many wonderful benefits – and just like any relationship, there will be a few challenges. Third-party and supply chain risk is a problem for every business and that danger is still growing. As information is stolen in huge ransomware incidents, it makes its way to the dark web to fuel new cyberattacks – and your company’s records and passwords for supplier accounts can come back to haunt you. Get expert advice on overcoming the challenges that your business might face in this eBook.

Third-party and supply chain risk isn’t going to peter out anytime soon. An estimated 90% of U.S. businesses experienced a cybersecurity incident like a data breach in 2020 because of a risk created by a third-party or supply chain cybersecurity incident. Take action now to keep your systems and data safe and mitigate the risk your business is facing. ID Agent experts are ready to help. Book a demo of our solutions today.
