Outsourced SOC help against Microsoft hack

European Banking Authority the latest to be hit by the Microsoft email server hack

A massive Microsoft cyber attack, following on from the huge SolarWinds attack from last year, is emphasising how important it is for organisations to extend their cyber security controls through outsourced Security Operations Centres, also known as outsourced SOCs. Small, in-house standalone teams are no longer able to flex to the increasing number of sophisticated attacks.

The European Banking Authority has joined over 30,000 other government and commercial organisations that have been known to be hacked due to four exploits found in Microsoft’s Exchange Server software. The hack seems to be rapidly growing in the wild, with estimates suggesting at least 60,000 plus victims globally, including small to medium sized businesses. With its rapid spread globally, it is assumed that other hacking groups are now exploiting the same vulnerabilities.

The previously unknown Microsoft vulnerabilities have been exploited in attacks since January. The Microsoft Threat Intelligence Center (MSTIC) has accused the Chinese state-sponsored cyber hacking group known as Hafnium.

The attack gains access to Exchange servers using unknown vulnerabilities or stolen credentials. It then creates a web shell to gain control of the server and allows access to virtual remote servers. From here, malware can be installed, and data can be stolen.

Microsoft has now patched the vulnerabilities; however, the exploit is being treated as an ongoing active threat. The White House press secretary Jen Psaki stated, “Everyone running these Microsoft Exchange servers – government, private sector, academia – needs to act now to patch them.”

Joe Biden’s administration is under increased pressure to react. With the massive SolarWinds attack a few months ago, and now this huge incident, experts are highlighting that cyber attacks are increasing and getting far more serious. The White House has tweeted that they are “closely tracking” the situation.

However, China has denied any involvement. A Chinese foreign ministry spokesman stated that China “firmly opposes and combats cyber attacks and cyber theft in all forms” and suggested that blaming a particular nation was a “highly sensitive political issue.”

If you’re running Exchange servers on-premises and you haven’t patched them recently, there’s a high chance that your organisation is already compromised. The hack does not affect Exchange Online.

Cyber security is an ongoing fight against unknown actors. With more state backing, these attacks are becoming increasingly well-funded, driving more and more complexity and potential damage. With cyber security talent becoming harder to find and in-house teams becoming stretched, contact Fundamentals First about how our outsourced Security Operations Centre (SOC) will operate as an extension to your in-house teams, providing the increased protection you require.


How an Outsourced SOC is integral to your cyber security strategy

From cyberwarfare by state-backed hackers to organised ransomware attacks, cyber security is continuing to become an increasing challenge for many organisations. In fact, the continued increasing trend in cybercrime and cyber-attacks, including breaches, phishing, access management and endpoint security attacks, contributed to an estimated 12% Compound Annual Growth Rate in cyber security IT spending by the end of 2021.

This challenge has worsened over 2020 and 2021, with many organisations having their employees working at home due to coronavirus. The mass adoption of new ways of working, the provisioning of remotely distributed networks, and unplanned IT solutions implemented at speed have opened new avenues for cyber-attacks. There have been reports of new malware targeting home worker systems that uses sophisticated machine learning to optimise the attack and evade detection.

Many cyber security teams are facing the impossible task of securing unplanned, sprawling corporate and potentially vulnerable home networks.

With 51% of organisations being hit by ransomware in the last year, 34% are saying that lack of skilled resources is their most significant security operations issue when determining root cause of a security incident. As a result, 65% of organisations have already outsourced some or all of their cyber security controls.

Organisations with a single internal Head of Information Security, or even a small cyber security team, are struggling to keep up with the advancing complexity of attacks and technology. Over half of security professionals surveyed stated that they were too busy completing business-as-usual daily tasks to be able to concentrate on the larger issues, like implementing improved security controls.

In recognition of this untenable situation, many companies are now benefiting from the advantages of scaling their cyber security solution through an outsourced SOC (Security Operations Centre). An outsourced SOC can scale your cyber protection without you increasing your internal head count. It reduces pressure on HR in finding skilled cyber security experts, and delivers state-of-the-art cyber security solutions at a significantly reduced price point.
