On Wednesday, the Michigan State Police's Michigan Cyber Command Center warned entities who host on-premises Microsoft Exchange servers of a newly identified, significant and active threat to network security.
Last week, security researchers uncovered multiple vulnerabilities in on-premises Exchange servers, and Microsoft released patches to fix them. Before patches were available, malicious actors began to exploit the vulnerabilities, according to an MSP press release. Any organization hosting an on-premises Exchange server that has not been updated has a high likelihood of already being victimized.
Cloud-based Microsoft email is not affected by these vulnerabilities. Microsoft Exchange is a platform used to host email services for many businesses and enterprises.
Officials from Missaukee County, Wexford County and the City of Cadillac informed the Cadillac News that emails were not impacted by the hack. Both Wexford County and Cadillac said they made the switch to the cloud-based service.
As recommended by Microsoft and the Cybersecurity and Infrastructure Security Agency, the cyber command center encouraged any agency utilizing an on-premises Microsoft Exchange server to take immediate action to install the patches and then work with their information technology team to investigate any potential unauthorized access to their servers.
The vulnerabilities allow a remote attacker to access vulnerable email servers and the emails stored on them, install additional malware, harvest passwords and facilitate long-term access to victim environments. Additional information about these vulnerabilities can be found at www.cisa.gov/ed2102 and www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/.
Any entity in Michigan with evidence of a compromise related to this vulnerability or other malware activity should report it to the Michigan Cyber Command Center at 877-MI-CYBER or the FBI’s Internet Crime Complaint Center at www.ic3.gov.
