 Channel Futures

From the Industry



Sponsor Content


What the Recent Microsoft Exchange Vulnerabilities Mean for Channel Partners

  • Written by Sophos Guest Blogger
  • April 21, 2021
Here are steps partners can take to protect against Microsoft Exchange exploits.

During the last month, reports of cyberattacks targeting vulnerabilities affecting Microsoft Exchange servers have continued to make headlines. It all started when the CISA issued an alert that Hafnium, a threat actor believed to be a nation state, was exploiting these zero-day vulnerabilities in Exchange.

Since then, cybercriminals have used these Microsoft Exchange vulnerabilities as a way to launch a variety of nefarious campaigns. Most recently, SophosLabs found that cybercriminals were using a compromised Exchange server to host a malicious Monero cryptominer payload, while leveraging the ProxyLogon exploit to target other vulnerable servers. Before that, ransomware operators took advantage of the same ProxyLogon vulnerabilities to launch DearCry and Black Kingdom ransomware attacks on organizations and extort them for payment in exchange for returning access to their files.

So, if Microsoft has issued patches for these Exchange vulnerabilities and the CISA is urging organizations to patch on-premises Exchange Servers, why are these attacks still happening?

Unfortunately, many organizations have still neglected to patch their systems or perform security scans to see if attackers are in the systems, leaving them exposed as easy targets for these various attacks. The time to act and eliminate these vulnerabilities from cybercriminals’ toolboxes is now, and there are a few ways that channel partners can help.

Steps Partners Can Take to Protect Against Exploits

First and foremost, partners can and should play a key role in making sure customers are patching all on-premises Microsoft Exchange servers in their environments with the relevant security update. Details can be found on Microsoft’s Exchange Team blog. However, it is important to note that installing the patches does not remove any malicious web shells that are already present on a server.

If a customer believes the organization has been exposed, channel partners should consult the Sophos MTR team’s step-by-step guide on how to search a customer’s network for signs of compromise. After patching or disabling servers that could potentially be exploited, Sophos recommends:

  • Determining possible exposure by downloading and running the Test-ProxyLogon.ps1 script provided by the Microsoft Customer Support Services team
  • Looking for web shells or other suspicious .aspx files
  • Using a query to identify potential web shells to investigate, check the patch level of your servers, and look for suspicious commands
  • Establishing impact by reviewing process activity and command executions from the time the web shell was created, onward
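
The second and fourth steps can be tied together in a small triage script. The sketch below is an added example, not code from Sophos or Microsoft. It runs over an exported copy of a web directory and a list of process events. The marker patterns, the cutoff date, the event record layout and all sample data are assumptions constructed for illustration.

```python
import os, re, tempfile
from datetime import datetime, timezone

# Assumed heuristic markers (not from the article): page script that evaluates
# request input or starts a process deserves an analyst's look.
MARKERS = re.compile(rb"(?i)eval\s*\(\s*Request|Process\.Start|cmd\.exe")

def utc(text):
    return datetime.fromisoformat(text).replace(tzinfo=timezone.utc)

def find_suspect_aspx(root, cutoff):
    """Return (path, mtime, reasons) for .aspx files that are new or match MARKERS."""
    hits = []
    for folder, _, names in os.walk(root):
        for name in (n for n in names if n.lower().endswith(".aspx")):
            path = os.path.join(folder, name)
            # Modification time is used as a portable stand-in for creation time.
            mtime = datetime.fromtimestamp(os.path.getmtime(path), timezone.utc)
            with open(path, "rb") as fh:
                body = fh.read()
            reasons = []
            if mtime >= cutoff:
                reasons.append("written after cutoff")
            if MARKERS.search(body):
                reasons.append("marker match")
            if reasons:
                hits.append((path, mtime, reasons))
    return sorted(hits, key=lambda h: h[1])

def activity_since(events, start):
    """Process events at or after `start`, oldest first (ISO strings sort by time)."""
    return sorted((e for e in events if utc(e["time"]) >= start), key=lambda e: e["time"])

def demo():
    # Constructed sample files and events; the shell body is a non-functional placeholder.
    files = {"logon.aspx": (b"<%@ Page Language='C#' %><p>Sign in</p>", "2020-11-02T08:00:00"),
             "x1.aspx": (b"<%@ Page Language='JScript' %><% eval(Request.Item[...]); %>", "2021-03-03T04:12:00")}
    events = [{"time": "2021-03-01T10:00:00", "parent": "services.exe", "cmd": "svchost.exe -k netsvcs"},
              {"time": "2021-03-03T04:15:00", "parent": "w3wp.exe", "cmd": "cmd.exe /c whoami"},
              {"time": "2021-03-03T09:30:00", "parent": "explorer.exe", "cmd": "notepad.exe"}]
    with tempfile.TemporaryDirectory() as root:
        for name, (body, when) in files.items():
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(body)
            os.utime(path, (utc(when).timestamp(),) * 2)
        hits = find_suspect_aspx(root, utc("2021-01-01T00:00:00"))  # assumed cutoff
    names = [os.path.basename(p) for p, _, _ in hits]
    later = activity_since(events, hits[0][1]) if hits else []
    return names, [(e["parent"], e["cmd"]) for e in later]
```

In the returned activity, commands whose parent is `w3wp.exe` (the IIS worker process) are the ones to review first, since that is the process that serves .aspx pages.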

Leveraging Threat Hunting to Avoid a Scare

Threats such as Hafnium are a great example of a situation in which having an elite team of threat hunters and response experts to back your organization can offer peace of mind. When the Hafnium news first broke, the Sophos Managed Threat Response (MTR) team immediately began to hunt and investigate in customer environments to determine if there was any activity related to the attack. Additionally, it looked to uncover any new artifacts or IoCs related to the attack that could provide further protection for all Sophos customers, and has been tracking all new threats closely since.

The 24/7 nature of Sophos MTR meant that not a single second was wasted before the team got to work, ensuring our customers were protected. If a non-MTR customer is seeing signs that they may be experiencing related adversarial activity, Sophos recommends they contact the Sophos Rapid Response team immediately.

This guest blog is part of a Channel Futures sponsorship.
