Channel Island businesses using Microsoft Exchange Server are being urged to watch out for malware after a flaw in Microsoft’s email software was exploited by hackers compromising thousands of sites.
While Microsoft has since released patches to update the software which exposes the vulnerabilities, Logicalis says many systems were unfortunately compromised before the patch could be applied.
Tom Bale, Business Development and Technical Director, said over 170,000 sites were vulnerable to this attack.
"While the attack may have started as an attempt to steal information from think tanks, higher education institutes, defence contractors, and infectious disease researchers in the USA, it has gone global. Organisations in the Channel Islands using Microsoft Exchange servers for emails are vulnerable. All internet facing Exchange servers should be patched if not already done so," he added.
Pictured: Tom Bale, Logicalis' Business Development and Technical Director.
“Unfortunately patching is too late if an organisation has already been compromised. You need to find out if your systems have been compromised and secure them appropriately. If these systems have been compromised, they need to be isolated, forensics applied and ultimately rebuilt. Being compromised is serious as data and credentials may have already been stolen.”
Software may have been compromised as early as January, with Microsoft warning of attacks to corporate and government servers and releasing updates earlier this month. The four vulnerabilities disclosed by Microsoft do not affect Exchange Online, the cloud-based service used in Office 365 Packages. However, hackers may use stolen data to craft targeted phishing attacks on any business or organisation.
“Attacks such as this remind us all we are vulnerable, whatever the size or location of our business or organisation," Mr Bale said. "In some ways, this may prompt more organisations to move to cloud-based email servers with automated security and identity management to make monitoring and maintenance more straightforward. Even if your organisation has not been affected, everyone needs to be aware of the increased risk of phishing attacks because of the potential of mass data breaches.”
Pan-island IT services company Next Generation IT (NGIT) said it has had to work through the night recently to protect local businesses affected by the issue.
Director Jason Connolly explained: “The news that there were significant compromises in the Exchange email system meant all hands to the pump as speed is key to ensure important data stays protected.
“Microsoft Exchange Server is an email inbox, calendar, scheduling and collaboration platform used by many businesses across the islands. I am pleased that the swift actions taken by our technical engineers and consultants in implementing patches and working with clients has meant none experienced any issues.”
Mr Connolly added that NGIT had recently invested in multiple data centres across the islands, allowing it to offer full carrier resilience (both JT and Sure), encryption at rest and business continuity.
Comments on this story express the views of the commentator only, not Bailiwick Publishing. We are unable to guarantee the accuracy of any of those comments.
Once your comment has been submitted, it won’t appear immediately. There is no need to submit it more than once. Comments are published at the discretion of Bailiwick Publishing, and will include your username.
There are no comments for this article.