Please fill in the form below to subscribe to our blog

Microsoft Hack Draws New Attention to Third-Party Risk

March 11, 2021

Damage from this Microsoft Hack Could Linger for Businesses as the Fallout Drops


This week’s Microsoft hack landed third-party risk in the spotlight again after suspected nation-state hackers were able to exploit flaws in the code of on-premises Exchange server software to gain access to systems and data. The company reported the incident on their blog, stating “Today, we’re sharing information about a state-sponsored threat actor identified by the Microsoft Threat Intelligence Center (MSTIC) that we are calling Hafnium. Hafnium operates from China, and this is the first time we’re discussing its activity. It is a highly skilled and sophisticated actor.” 

Organizations around the world from huge government agencies to small businesses have been affected by this cybersecurity disaster. One of the first agencies to report that they’d been impacted was the European Banking Authority (EBA). EBA officials say that personal data may have been accessed from its servers, and that agency IT systems like its email system have been taken down temporarily for remediation. Norway’s parliament has also announced that sensitive data had been accessed and extracted there in a breach linked to the Microsoft flaws. 



While Microsoft has been strongly encouraging customers to transition their email to cloud-based technology, many companies and agencies still use physical email servers. Microsoft has now delivered patches that address the issue, but it will be too little too late for myriad users. Plus, companies may be slow to implement updates due to the complexity of Exchange’s architecture. Worst of all, the newly created patches do not remove any back door access that cybercriminals have left behind on compromised machines.

Experts anticipate many more incidents like EBA’s experience will be announced in the next few weeks, and the full impact may not be felt for months or longer. The suspected Chinese threat actors could potentially have seeded hundreds of thousands of victim organizations with tools that give them complete remote control over systems, and likely had access to sensitive data for a month or more. An estimated 30,000 organizations in the United States and 60,000 systems in Germany, including a significant number of small businesses, towns, cities and local governments, are likely victims. 


facts about cybersecurity in 2020 and looking ahead to 2021 represented by an electronic eye on a blue background with computer code.

Get expert tips to protect your business from social engineering in the webinar Mind Games 03/16/21 at 3 PM EST. REGISTER NOW>>


Start Mitigating Risk from the Microsoft Hack Now

This is a disaster for many organizations, made even worse because it’s a disaster that they couldn’t prevent. Researchers have identified at least 10 hacking groups exploiting this flaw. Third-party and supply chain risk is a growing problem that businesses face in an increasingly hostile cybercrime landscape. As we become more interconnected through specialization and as more data makes its way to the dark web to fuel cyberattacks, this kind of risk will only amp up. If you’re looking at this flap and wondering how you can secure your company against third-party and supply chain risk, we’ve got a few tips in mind for boosting your security fast. 


Kaseya has two tools available for customers to assess their vulnerabilities and work to mitigate this issue.


  • Exchange Proxy Logon Vulnerability Test – This Kaseya-created procedure will check exchange servers for issues identified by Microsoft for potential [CVE-2021-26855], [CVE-2021-26857], [CVE-2021-26858], and [CVE-2021-27065] vulnerabilities and reports it to the script log. If a potential vulnerability is identified, an alarm is generated for that agent. GET THIS TOOL>>
  • Microsoft Exchange Hafnium Exploit Detection App – RocketCyber has created a dedicated app to detect indicators of compromise to Microsoft Exchange Server 2010, 2013, 2016 and 2019 associated with the exploitation of the following vulnerabilities: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065. GET THIS TOOL>>

Learn How You Can Protect Your Business From Supply Chain Risk

Third-party and supply chain risk is steadily escalating, and we’ve got the data to prove it. We’ve just released an eBook that details the problem and winning strategies for securing your business and your data from third-party and supply chain risk. See statistics about the growing danger to businesses, examples of potentially risky scenarios and how to get ahead of the curve to keep your business secure when problems like this Microsoft hack land on your doorstep. Download “Breaking Up with Third-Party and Supply Chain Risk” now to get started. GET THIS EBOOK>> 

Add One Simple Tool 

We say it often, but if you’re not already using multifactor authentication (MFA) with Passly, now is an excellent time to start. Multifactor authentication stops 99% of password-based cybercrime as well as providing protection against hacking, phishing, business email compromise and other cybersecurity nightmares. With Passly, you don’t just get MFA, you also get single sign-on, automated password resets, simple remote management and more secure identity and access management tools that give a big boost to your across-the-board security posture for one low price! SEE PASSLY IN ACTION>> 



Build Your Organization’s Cyber Resilience 

These days, it’s not enough to simply endure and survive cybersecurity threats. Businesses must be able to remain agile in the face of trouble. That’s cyber resilience. There are going to be threats that you cannot avoid, like this Microsoft hack. Over 60% of businesses fold after a cyberattack. But by making sure that your business is cyber resilient, you also make sure that it’s ready to endure whatever comes your way and not just survive but thrive. Read “The Road to Cyber Resilience” for your roadmap. GET THIS EBOOK>> 

Third-party and supply chain risk aren’t going top peter out anytime soon.  An estimated 90% of U.S. businesses experienced a cybersecurity incident like a data breach in 2020 because of a brisk created by a third-party or supply chain cybersecurity incident. Take action now to keep your systems and data safe and mitigate the risk your business is facing.

ID Agent experts are ready to help, book a demo of our solutions today