The Microsoft Exchange Hack: Law Firms are a Major Target
FREE WEBINAR EXPLAINS THE ATTACK AND WHAT YOU CAN DO
On March 2, Microsoft released emergency security updates to plug multiple zero-day security holes in Exchange Server versions 2010 through 2019 that hackers were actively using to siphon email and compromise environments. Additional details have revealed that law firms are among the hackers' key targets.
KrebsOnSecurity described the attack like this:
At least 30,000 organizations across the United States — including a significant number of small businesses, towns, cities and local governments — have over the past few days been hacked by an unusually aggressive Chinese cyber espionage unit that’s focused on stealing email from victim organizations, multiple sources tell KrebsOnSecurity. The espionage group is exploiting four newly-discovered flaws in Microsoft Exchange Server email software, and has seeded hundreds of thousands of victim organizations worldwide with tools that give the attackers total, remote control over affected systems.
Microsoft said the Exchange flaws are being targeted by a previously unidentified Chinese hacking crew it dubbed “Hafnium,” and said the group had been conducting targeted attacks on email systems used by a range of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs.
In the three days since then, security experts say the same Chinese cyber espionage group has dramatically stepped up attacks on any vulnerable, unpatched Exchange servers worldwide.
In each incident, the intruders have left behind a “web shell,” an easy-to-use, password-protected hacking tool that can be accessed over the Internet from any browser. The web shell gives the attackers administrative access to the victim’s computer servers.
Speaking on condition of anonymity, two cybersecurity experts who’ve briefed U.S. national security advisors on the attack told KrebsOnSecurity the Chinese hacking group thought to be responsible has seized control over “hundreds of thousands” of Microsoft Exchange Servers worldwide — with each victim system representing approximately one organization that uses Exchange to process email.
According to KnowBe4, Savvy's security awareness training partner, literally hundreds of thousands of organizations globally have been affected by this Exchange mass hack and may now be victims of multiple cybercrime groups.
Whether your law firm is running Exchange itself or receives emails from organizations using Exchange servers, the risk has just skyrocketed.
Roger A. Grimes, KnowBe4's Data-Driven Defense Evangelist, has created a special security alert webinar to share critical insights about the Microsoft Exchange attack and what you can do about it. The webinar covers:
- Details about the hack and defense strategies
- What makes this so different from other mass attacks
- Why "trusted third-party phishing" makes your organization a target whether you run Exchange or not
- What you need to do now to protect your organization
Savvy is trying to get the word out about this webinar to as many law firms as possible because of the huge potential for attack and the vulnerabilities that you face. Now, more than ever, your attorneys and staff could be targeted by criminals using “trusted third-party phishing” attacks.
In a nutshell, due to the nature of the Exchange hack, criminals have seized control of Microsoft Exchange servers around the world.
EVEN IF YOUR LAW FIRM DOES NOT USE MICROSOFT EXCHANGE, YOU UNDOUBTEDLY RECEIVE EMAILS FROM CLIENTS WHO DO. AND THAT MEANS THE EMAILS COMING FROM THEIR SERVERS MAY ACTUALLY BE COMING FROM A CHINESE HACKER. BUT HOW WILL YOUR USERS KNOW THE DIFFERENCE?
I have never typed in all caps before in our blog. This is THAT important.
If you need to train your users to identify malicious, fake emails, contact Savvy today. We can run a free phishing test to see how phish-prone your users are. Using that information, you can decide how critical it is for your law firm to conduct security awareness training. You can also book a demo using Calendly, finding a time and day that work for you.
Stay safe out there!