Microsoft Exchange Hack: Cloud-Based Software Now Looks Less Scary

The massive Microsoft Exchange hack likely has CISOs rethinking their hesitance around cloud-based software.

That’s according to Roger Grimes, a defense evangelist at KnowBe4. The company has issued a warning regarding the Microsoft Exchange exploit affecting tens of thousands of accounts globally.

The attack on Microsoft‘s on-premises Exchange business email software allowed access to email accounts and installation of malware to increase hackers’ dwell time inside a system.

Attacks are targeting unpatched Microsoft Exchange servers using a new strain of ransomware called DearCry. These attacks can encrypt computer systems and demand payment from users.

Latest Findings

Check Point Research (CPR) has updated its findings on the Microsoft Exchange hack:

• The number of attempted attacks increased tenfold from 700 on March 11 to more than 7,200 on March 15.
• The attackers have targeted the United States the most (17% of all exploit attempts). They also have targeted Germany (6%), the United Kingdom (5%), the Netherlands (5%) and Russia (4%).
• The most targeted industry sector has been government/military (23% of all exploit attempts). Then comes manufacturing (15%), banking and financial services (14%), software vendors (7%) and health care (6%).

Those who are aware of the problem are patching and mitigating, said KnowBe4‘s Grimes. However, there are always people and organizations unaware of the issue or don’t mitigate it.

Furthermore, some of the most commonly exploited vulnerabilities are things that were patched 10-20 years ago, he said.

KnowBe4’s Roger Grimes

“Every announced and patched vulnerability has some percentage of people and organizations which will remain vulnerable for years,” Grimes said. “And not only do the original nation-state attackers know this, but so does every hacker who has been around a few months.”

Cloud-Based Software Looking Better

Most impacted environments are likely patched and mitigated. But how many vulnerable environments remain?

“I think a lot of CISOs are seeing this mess and thinking cloud-based software is looking better all the time,” Grimes said. “It is already cheaper and easier to budget for. No need to buy, maintain and replace physical servers and all the accompanying resources. Just pay a predictable, per-user subscription amount.”

In this case, the attack didn’t impact Microsoft’s cloud products, he said. However, even if it did, Microsoft could have patched it without having to tell or wait on anyone. Then it could have announced the issue after all the protection was in place.

“There have to be a lot of CISOs thinking, ‘Why should I continue to fight going to the cloud when it is more cost-effective and more secure with [fewer] headaches?” Grimes said. “I think you’re going to see a jump in the number of cloud subscriptions happening.”