Microsoft has finally released the Exchange mitigation tool that small businesses can use to protect their email service against attacks. The tool helps mitigate the risk of your business falling victim to the Exchange Server attacks.
How the new Exchange mitigation tool can help protect your business
The tool targets businesses that lack resources and are unable to respond to the threat. So, if you haven’t yet applied the patches, or haven’t done anything to mitigate the threat, you should consider downloading the tool.
The Exchange mitigation tool is aimed at Microsoft customers who use on-premises servers.
You should consider running the tool if you have:
- Not installed the patches released in the last few weeks.
- Tried to mitigate the risk by using some or all of the guidance provided by Microsoft.
- Patched your systems and applied the mitigation strategies, but are yet to investigate your servers for suspicious activity.
Microsoft Exchange Server attacks
The Exchange On-Premises Mitigation Tool (EOMT) comes in the wake of the global exploitation of Microsoft Exchange Server and Outlook Web Access by cybercriminals who are actively targeting businesses that use Microsoft’s email services. By conservative estimates, these attacks have already compromised hundreds of thousands of businesses.
These attacks started making headlines on February 26, last month, when criminals started indiscriminate attacks on Microsoft customers.
Hackers were using four 0-day flaws for their attacks. These flaws allow hackers to gain administrative access to on-premises Exchange servers. Criminals would then download emails and the list of usernames and passwords from the victim server. Moreover, they leave behind malware that gives them a backdoor to the victim server. The malware, known as a web shell, allows hackers to gain administrative access to victim servers.
If not removed, these web shells could be used by the criminals to access the servers from anywhere in the world. As a result, you could suffer data breaches and malware attacks in the near future.
According to Microsoft, some criminals have already begun exploiting these backdoors to install ransomware on victim servers.
How to respond to the Exchange Server attacks
On March 2, Microsoft released patches to address the four Exchange Server flaws. It released more patches on March 9 and March 12 to cover its huge customer base, including the users of Exchange 2019, 2016 and 2013. The updates include patches for Exchange 2010 as well.
Along with the patches, Microsoft has also released tools for scanning servers for signs of compromise. This is because the indiscriminate attacks that began on Feb 26 have already compromised several businesses, which now have a backdoor installed on their servers. These tools can help you identify whether your Exchange servers were attacked and whether web shells exist on your network.
Microsoft Exchange On-Premises Mitigation Tool (EOMT)
On March 15, Microsoft released the EOMT to help businesses that do not have dedicated IT security teams. The tool is particularly useful for Exchange customers who aren’t familiar with the patching process and are looking for automated remediation.
The tool helps you quickly protect your servers and mitigate the risk of new attacks. However, Microsoft warns that this tool is not a substitute for patching. You still need to apply the patches as soon as possible.
Moreover, if you haven’t yet patched your systems, or investigated them for signs of compromise, then you need to run the tool immediately. The EOMT mitigates known threats on your systems, scans your servers for malware and tries to remove it.
For answers to your technical questions, you should visit the GitHub page for the EOMT. The page covers frequently asked questions and the technical requirements as well.
As suggested above, the full extent of this threat is not yet known. So, all Microsoft customers using Exchange Server and Outlook Web Access need to address this threat urgently. The Exchange On-Premises Mitigation Tool helps you mitigate the known threats, but don’t neglect patching.
Patch your systems as soon as possible, and don’t delay the security precautions necessary to protect your business either.