Many people dream of becoming entrepreneurs, and often the biggest...
Letting technology do the heavy lifting for certain monotonous tasks...
Accurate accounting is the bedrock of any successful...
Distinguishing between independent contractors (1099) and employees (W-2)...
March 20, 2021
In early March, Microsoft divulged that hundreds of thousands of its Exchange email server systems around the world had been hacked by a type of malware disguised as legitimate software called a Trojan horse. The hack allowed cybercriminals to remotely take full control of on-premises Exchange Servers and all their data, and according to Microsoft they originated from a China-based threat actor called Hafnium.
Just three months earlier an equally far-reaching Russian attack was discovered, and the joint effect of the two closely occurring hacks has caused a crisis for cybersecurity emergency responders. While Microsoft quickly issued security patches to address the email server vulnerabilities for Exchange Server 2013 to 2019 and for Exchange Server 2010, the company advised that all businesses running Exchange Server must first probe their systems for TTPs — tactics, techniques and procedures and IOCs – to identify any malicious activity.
Meanwhile, officials from the U.S.’ Cybersecurity and Infrastructure Security Agency warned that the patches would only fix vulnerabilities but would not shut any “backdoors” that the hackers left behind.
Microsoft said it has for some time been urging customers to switch their email to cloud technology, and those companies were unaffected by this hack. The vulnerabilities involved affected only physical Microsoft Exchange email servers, but they are still used by an array of companies and agencies.
The organizations that do employ Microsoft’s Exchange software on in-house servers tend to be small- to medium-size. They often lack the cyber resources and response capabilities to discern whether they or any of their vendors may have been victimized and what data may have been stolen or accessed.
In total, an estimated 60,000 U.S. organizations were affected by the hack from Feb. 26 to March 3, according to an estimate from former Cybersecurity and Infrastructure Security Agency director Chris Krebs. These firms run the gamut from universities to think tanks, from government agencies to infectious disease researchers, essentially any entity choosing to use Microsoft Exchange as their email service.
if your business or organization doesn’t use Microsoft Exchange at all, you’re not affected and can stop worrying — for example, if your organization uses Google GSuite for email you are safe. But for those who are using Microsoft Exchange, unfortunately patching the flaws comprises just one part of the recovery.
Cleaning up after the hackers will likely be a significant challenge and is predicted to prompt businesses currently without cybersecurity expertise and response capabilities to procure such services moving forward, particularly to reduce their exposure to legal claims. Meanwhile, security experts are urgently trying to reach tens of thousands of victim organizations to advise that whether your server has been patched or has been hacked, you must immediately backup any data stored on those servers.
Cybersecurity experts say the hack will lead companies to spend much more on security software and to adopt cloud-based email rather than run their own in-house email servers.
In addition, in response to this and other high-profile attacks, the Department of Homeland Security and the National Security Agency are recommending that government entities and high-risk businesses adapt a Protective Domain Name System to strengthen security and thwart attacks.
PDNS entails using a private security firm to monitor and filter internet traffic and uses existing DNS protocols to analyze queries and mitigate threats. The recommendation came to fruition after a Department of Defense study conducted in conjunction with the NSA in which defense experts introduced protections to DNS on computer systems in the defense industry beginning March 2020.
Our team is made up of seasoned professionals who bring years of industry experience to the table. You gain a trusted advisor who understands your business inside out.
Say goodbye to the hassles of hiring, training and managing in-house finance teams. You will never have to worry about unexpected leave of absence or retraining new employees.
Whether you’re a small business or a global powerhouse, our solutions scale with your needs. We eliminate inefficiencies, reduce costs and help you focus on growing your business.
Accurate accounting is the bedrock of any successful business operation. Yet, medium-sized businesses—those that have grown beyond the small-business stage...
Distinguishing between independent contractors (1099) and employees (W-2) is a pivotal compliance matter for U.S. businesses. Misclassification can result in...
Spring symbolizes renewal, making it an apt metaphor for startups aiming to secure fresh capital to fuel their next growth...
Payroll is more than just issuing paychecks—it’s a complex, high-stakes process that can significantly impact employee satisfaction, legal compliance, and...
For startups seeking sustainable growth, every quarter provides a treasure trove of data—but Q2 data can be particularly revealing. By...
By the time Q2 rolls around, many startups have a clearer picture of their performance and market positioning compared to...
For many startups, the summer months can be a dual-edged sword. On one hand, warmer weather and looming vacations can...
Tax season often triggers stress and complexity—especially for startups laser-focused on building products, acquiring customers, and scaling operations. Yet savvy...
The halfway mark of any given year is more than just a date on the calendar; it’s a valuable checkpoint...