Another zero-day attack. Another 60,000+ businesses and government agencies hit. Another massive, successful assault on “protected” data. More ammunition gathered for unknown offensives that, rest assured, will come. Web shells lie in wait, undetected. The January 2021 Hafnium attack against on-premises Microsoft Exchange servers has turned into a global free-for-all hack against businesses of every kind. Microsoft identified Hafnium as the instigator, but now multiple groups that pose advanced persistent threats (APTs) are wreaking as much widespread havoc as they can. It’s happening right now.
Although Microsoft rolled out patches on March 2, a fast response for this level of attack, many IT departments are still in the process of implementing the patches and taking other steps toward mitigation. Systems that remain unpatched may be facing an existential crisis. Systems that are patched but remain compromised face dire threats as well, including remote code execution (RCE), server hijacking, backdoors, and data theft and deletion.
Global and Local Disasters Pose Escalating Threats to Data
Hafnium is the latest in a long line of cyberattacks. It’s difficult to scan the news headlines and not see a story about a recent assault on mission-critical data and Personally Identifiable Information (PII) on a global, national, or local level. Many who had never before heard of SolarWinds have, by now, said its name at the dinner table, lamenting how the company’s customers fell victim to the same vulnerability that led to data breaches at several federal agencies.
Of course, massive cyberattacks are among the many hazards organizations face with regard to data protection. Natural disasters, regional threats, and even good old-fashioned human error create points of exposure for companies of all sizes. Although these catastrophes may be local in origin, the distributed nature of business means that their impacts reach far and wide. We recently blogged about the fallout that the state of Texas endured from winter storm Uri, and how this created disruption and hardship for mid-sized enterprises, all of which could have been prevented.
The constant, irreplaceable ally for any organization, amid ongoing cyberwar hacks, human-caused or natural disasters, blazing infernos, or monstrous snowstorms, is a backup and disaster recovery plan that is revisited and revised frequently. Cybersecurity protections and enhancements are a business’s armor, but with so many attack vectors part of operational reality, every business should count on being hit. The right backup and DR approach will be what saves the day and rescues the bounty of critical data.
Unlimited, Cloud-based Backup is Every Business’s Cavalry
The best approach for an organization to cope with the aforementioned threats, especially the Hafnium Microsoft Exchange Server attack, is to assume that its environment is compromised and that hackers have already executed remote code, expanding vulnerabilities. “The reality is that Microsoft is as safe as it gets. But every service provider, every cloud, every data center, every SaaS, and every company is susceptible because code can be infiltrated and humans can be tricked,” said Infrascale CEO Russell Reeder.
In the face of active, ongoing threats, backup and disaster recovery solutions are the final line of defense for businesses, the ultimate allies in a fight where few will walk away unscathed. Many companies are considering moving off self-hosted Exchange and into the cloud (Microsoft 365). They may even be accelerating their plans in light of the recent hack. For those customers – don’t forget backup! Infrascale Cloud Application Backup (ICAB) for Microsoft 365 provides unlimited SaaS data backup history for Microsoft 365 mailboxes, OneDrive, and SharePoint. ICAB mitigates the risk of data loss from human error, data corruption, gaps in retention policy — and from malware or ransomware like that tucked into systems through the Hafnium attack.
Choosing to implement SaaS solutions (in the cloud) can help ensure that up-to-date patches are in place as soon as they are issued. While the Hafnium attack has not impacted Microsoft Exchange Online subscribers, cloud-based systems are not invincible. “No one knows when the next zero-day attack will affect a cloud-based email system and no one knows when their mission-critical data will be ransomed or deleted,” cautioned Reeder.
To ensure the best possible outcome in the face of global cyberattacks and local disasters alike, whether an organization’s systems are on premises, in the cloud, or in a hybrid arrangement, the best offense is a strong defense. Companies must create backup and disaster recovery plans that are right for them and modify these plans as needed.