A new, aggressive hacking campaign that exploits vulnerabilities in Microsoft Exchange Server has hit as many as 30,000 U.S. businesses and government agencies. Microsoft is attributing these attacks to a cyber espionage organization, HAFNIUM, based in mainland China.
FortiGuard Labs was notified right away through MAPP (Microsoft Active Protections Program). We’ve already released four FortiGuard IPS patches to protect Fortinet customers from these exploits.
What You Can Do
If you believe that your organization is vulnerable to this exploit, we recommend the following actions:
- Apply a “hot patch”, which, according to Fortinet CISO Phil Quade, is the strategy of updating security devices to automatically block exploitation attempts using signatures from the threat actor’s exploit while you work to upgrade and patch devices.
- Conduct an asset inventory to identify all affected Microsoft Exchange Servers deployed in your organization.
- Run version checks to see if they have been patched.
- Apply appropriate patches where possible. Devices that cannot be patched should be secured behind a security device able to detect and prevent such an exploit.
- Apply advanced scanning that leverages known Indicators of Compromise to detect leave-behinds and anomalous behaviors resulting from a successful breach, such as the use of an unauthorized back door.
More details on the attack and how to mitigate it are available in the full blog post.
Bit by bit helps client networks run smooth and secure. Visit our website at www.bitxbit.com/texas