Last Friday QLS issued an urgent warning to all law firms which have an email server running Microsoft Exchange software.
The issue is a new form of attack which allows criminals to access the server and data on the network.
Since then, evidence has emerged that tens of thousands of businesses worldwide have been affected. The window to patch the weakness in the software is closing fast. Hackers know that:
- Once a vulnerability in a software product is discovered, a well-run business will protect its network quickly, but
- Other businesses will remain vulnerable.
Over the coming days and weeks, cybercriminals will work around the clock to find and exploit servers that have not had the free software upgrade. These attacks are now automated, allowing the criminals to target tens of thousands of businesses a day. Even small law firms in out-of-the-way places are at risk.
Once a target is identified, the criminals install a ‘back door’ into your network so they can return at their leisure. The Microsoft software patch will prevent the attackers from accessing your network the first time, but will not prevent subsequent access once a foothold is established.
The attackers have used the access to:
- copy data for pay-or-we-publish ransom attacks
- encrypt vital information
- steal usernames and passwords.
Finding and fixing an infection once it happens can be very difficult and expensive, whether any client data is stolen or not. Patching to avoid the problem in the first place is cheap and easy for any computer pro.
Action required: Ask your IT consultant whether your network runs Microsoft Exchange Server and, if so, to ‘patch’ it as soon as they can.
Priority: high. You should call your IT support immediately and ask them to action the repair as soon as possible.