Australian based Managed IT support offices in Melbourne, Sydney and Brisbane
Powernet Colour a VITG Company POS

Everything You Need to Know About The Recent Microsoft Hack

In a statement posted on the 2 March 2021, Microsoft shared information about a 'state-sponsored threat actor' that was identified by their Intelligence Centre (MSTIC), that they named 'Hafnium'.

Microsoft are urging customers to upgrade their Exchange environments to the latest supported version to protect themselves against this cyber threat. 

The cyber criminals behind Hafnium are targeting servers that haven't got the latest security patches installed. Keeping your computers and servers up to date with patches is an inexpensive but very important step to include in your cyber security strategy. 

What is Happening

According to Bloomberg, an estimated 60,000 businesses have been compromised under this attack, victims are not restricted to one type of business either. So far, we have seen thousands of companies targeted including, small hotels, an ice cream company, The European Banking Authority, and many individuals targeted.

According to Microsoft, Hafnium has recently engaged in a number of attacks using previously unknown exploits targeting on-premises Exchange Server software. These exploits are discussed in details by MSTIC.

The attacks include three steps:

1. Gain access to an Exchange Server either with stolen passwords or by using the previously undiscovered vulnerabilities to disguise itself as someone who should have access.

2. Create what’s called a web shell to control the compromised server remotely.

3. Use that remote access – run from private servers – to steal data from an organisation’s network.

What are Microsoft Doing About It?

Microsoft are urging customers to install their latest security updates, that will protect customers running Exchange Server.

It is important to note that if you have been compromised already these updates will not fix the issue.

How Do I Know if My Server Has Been Compromised? 

Microsoft has created a support page that provides information on how to scan for Hafnium logs in your system, you can view that page here.

If you are running an on premise Microsoft Exchange Server, you should operate under the assumption that you have been compromised. Patch your servers immediately, validate the patch externally then search for the presence of the web shells and other indicators listed on Microsoft's support page.

If you are concerned that your business has been compromised or would like to ensure you are protected against Hafnium, get in touch, we have a team of cyber security experts who can help.

Subscribe to our newsletter for the latest technology tips & tricks.

Recent Articles

Tags

Categories

Search the Powernet blog

Staying Cyber Safe, Top 10 Tips for Being Cyber Secure

Staying Cyber Safe, Top 10 Tips for Being Cyber Secure

The importance of Cyber Security What is Cyber Security – Cybersecurity is the practice of protecting computers, servers, electronic systems, […]

Read more
Getting the most out of Microsoft Teams, our top 10 tips

Getting the most out of Microsoft Teams, our top 10 tips

What is Microsoft Teams? Microsoft Teams is a valuable workplace tool, keeping employees connected and organised. It drives productivity and […]

Read more
Empowering Efficiency: The Rise of Business Process Automation

Empowering Efficiency: The Rise of Business Process Automation

Staying ahead of the technological curve in today’s fast paced landscape is essential. The concept of engaging a vCIO has […]

Read more

We are well awarded

Reach our team

We’re always happy to help you find the right solutions to your IT and technology needs. Here are some ways to contact us.

Give us a call

Chat with our team to discover the best IT solutions for your organisation.
1300 892 692

Our locations

Melbourne CBD

Level 15 / 565 Bourke Street, Melbourne VIC 3000

Eastern Melbourne

Level 2 / 74 Doncaster Road, Balwyn North VIC 3104

Geelong Region

East 4/13-35 Mackey Street, North Geelong VIC 3215

Sydney

U18 / 23-31 Bowden Street,
Alexandria NSW 2015
(02) 8214 8855

Brisbane

7/9 Archimedes Place, Murarrie QLD 4172

Send us an enquiry

cross