Let's not beat around the bush – this is a serious hack, with serious implications for businesses that do not take immediate action. By the time Microsoft became aware of the problem, systems had already been compromised. The only remediation for businesses running affected software was to apply the patch provided by Microsoft and then scan the systems for potential backdoors that might allow hackers to continue to access infected servers.
Geek-Guru became aware of the hack on Monday 8th March (along with the rest of the world). Within 24 hours we had applied the patch to all clients running affected systems. We found a number of systems that had indeed been compromised and took immediate action to prevent data loss or downtime for those clients. As new information was released by Microsoft, we then monitored all potentially impacted systems for further signs of breaches. Thankfully, due to these quick actions our clients have suffered no loss of data and all impacted systems are now secure from future issues.
The hack only impacts onsite Exchange servers (i.e. Microsoft email servers) and does not impact Office 365 or other cloud email systems. Many SME clients have already migrated to Office 365, which is great but does not completely remove the threat. We continually take on new clients whose migrations to Office 365 were poorly executed, leaving vulnerable email systems languishing onsite. It is not enough to move email functionality to the cloud; the onsite email server that it replaces must be fully decommissioned. The most dangerous IT system is the one you don't even know you have, and the majority of businesses in this situation believe they are safe.
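One way to find those languishing servers, as an added example that is not from the original post: Exchange registers every server it installs in the Active Directory configuration partition, so a query there lists onsite Exchange servers whether or not they appear in the asset register. It assumes the RSAT ActiveDirectory module, a domain-joined admin session, and that the server still resolves in DNS.

```powershell
# Added example (not from the original post): inventory every Exchange server
# still registered in Active Directory, so an onsite server left behind after an
# Office 365 migration cannot stay hidden. Assumes the RSAT ActiveDirectory module
# and a domain-joined administrative session.
Import-Module ActiveDirectory

function Get-ExchangeServerInventory {
    # Exchange writes one msExchExchangeServer object per server into the
    # forest-wide configuration naming context.
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $exchangeServers = Get-ADObject -SearchBase $configNC `
        -LDAPFilter '(objectClass=msExchExchangeServer)' `
        -Properties serialNumber, msExchCurrentServerRoles, whenCreated

    foreach ($srv in $exchangeServers) {
        # The matching computer account shows whether the box is still alive.
        $computer = Get-ADComputer -Filter "Name -eq '$($srv.Name)'" `
            -Properties LastLogonDate, OperatingSystem -ErrorAction SilentlyContinue

        # OWA, EWS and ECP all listen behind HTTPS; an answer on 443 means the
        # server is still reachable and still needs patching or decommissioning.
        $https = $false
        if ($computer -and $computer.DNSHostName) {
            $https = (Test-NetConnection -ComputerName $computer.DNSHostName -Port 443 `
                      -WarningAction SilentlyContinue).TcpTestSucceeded
        }

        [pscustomobject]@{
            Server        = $srv.Name
            # serialNumber holds the Exchange version string, e.g. "Version 15.1 (Build 2176.2)";
            # compare it against Microsoft's list of patched builds.
            Version       = $srv.serialNumber
            Roles         = $srv.msExchCurrentServerRoles
            Registered    = $srv.whenCreated
            AccountExists = [bool]$computer
            LastLogon     = if ($computer) { $computer.LastLogonDate } else { $null }
            Https443Open  = $https
        }
    }
}

Get-ExchangeServerInventory | Format-Table -AutoSize
```

A row that answers on 443 but is missing from your asset list is the server you did not know you had; a row with no computer account or a stale LastLogon is a half-decommissioned install whose AD objects were never removed by a proper Exchange uninstall.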
Defence in depth is possibly the most overused expression in IT security, but it could not be more appropriate to this hack. Defence in depth means businesses adopt a layered IT security strategy covering several, potentially overlapping, security and compliance controls – a bit like the skins of an onion with your data in the very middle. These controls may be a combination of processes, policies and technology that complement one another to present a harder target for hackers. By overlapping security controls, the failure or breach of one control may be either completely or partially offset by another. Our experience is that clients running layered security systems, including unified threat management firewalls and intrusion detection and prevention systems, have suffered significantly less impact from this hack than clients running basic business routers.
Tim Goldfield CISSP, CIPP/E, CIPM