Tens of thousands of organisations across the globe are estimated to have been impacted by the attack. To date, malicious software has been found on 2,300 machines in the UK.
If your organisation is using its own physical server and Microsoft Exchange Server 2013, 2016 or 2019, then your company would have been vulnerable to the attack. Those using Microsoft’s cloud server service, Exchange Online, were not affected. The breach was what is known as a zero day exploit.
What is a Zero Day Exploit?
First, we need to understand the definition of a zero day vulnerability. This is when a vulnerability is maliciously exploited before a patch is made. In many cases, vulnerabilities are discovered by the “good guys” and are kept secret until a patch is pushed out, avoiding any security breaches. However, in some cases it is more ethical to publicly announce vulnerabilities so users can avoid them. In many cases, exploits are found and executed on the same day as the announcement.
If the vulnerability is discovered and exploited by attackers before the patch is released and applied, this is known as a zero day exploit.
How the Microsoft Attack Occurred
In Microsoft’s case, there is speculation over a possible leak of sensitive information that was privately disclosed to its security partners before the patch was released. Some of the code being used by Advanced Persistent Threat (APT) groups and in ransomware attacks against this vulnerability has similarities to the proof-of-concept code that Microsoft shared with partners earlier this year.
What To Do Now
Microsoft responded swiftly to release a patch that will protect customers from the attack. This patch should be applied when you update your software. If you have an automated endpoint management tool in place, such as that included with the baramundi Management Suite, then patch updates are automated immediately upon patch release, without you needing to take any action.
An important note: this patch will be effective in stopping future security breaches; however, it does not eradicate the risk that you have already been breached. For this reason, it is crucial to conduct a full systems check that will reveal existing vulnerabilities on your systems and provide you with a detailed report about their severity and the available remediations.
We recommend that you conduct a vulnerability scan immediately to identify existing vulnerabilities within your network. Luckily, the baramundi Endpoint MOT has you covered with a free-of-charge systems check currently available.
The 2021 Challenge in Cybersecurity
Sadly, attackers have been taking advantage of the current stress on the healthcare system to target global healthcare organisations. There was a 45% increase in attacks within the sector at the end of 2020, and the issue is continuing in 2021.
Exacerbating this challenge is the increased number of health workers who are using their own devices. Companies can very easily lose track of the numerous endpoints on a network. Endpoint management is often considered the front line of defence for your network and is taken very seriously. However, it can be destroyed in seconds by the increasingly common “bring your own device” or BYOD. Introducing unmonitored devices onto a managed network immediately breaks down its defence, and the pandemic has only catalysed this due to the jump to working from home.
Don’t put your network at risk.