Date: March 10, 2021
Time: 10:00 - 11:30 AM CT
Cost: $269 per registration/location. Space is limited.
Presenters: SBS CyberSecurity Panel of Experts
Honey Shelton, CEO, Chad Knutson, President/CISO, and Buzz Hillestad, Senior VP/DFIR Lead
Time is of the Essence! On March 2, 2021, Microsoft released four emergency updates for its Exchange Server email software, which will prevent further networks from being compromised by this attack. These vulnerabilities do not seem to affect Microsoft’s Cloud Email systems, but if you host Microsoft Exchange or outsource hosting Exchange to a third party, you need to take action immediately.
Multiple hacking groups are exploiting these vulnerabilities to backdoor unpatched servers. Reportedly, the hackers are gaining access by exploiting the recently fixed zero-day vulnerabilities or by using compromised administrator credentials. Researchers have cautioned that simply installing the emergency patches Microsoft issued less than a week ago would do nothing to disinfect servers that have already been backdoored. If a hacker’s webshells and/or any other malicious software have been installed, they will persist until they are actively removed, ideally by completely rebuilding the server.
Many small and medium-sized banks, utilities, and various privacy-sensitive companies are among the businesses adversely impacted by this vulnerability. “Several of our clients have reached out to us in need of emergency digital forensic incident response services in the last 72 hours, time is of the essence,” says Chad Knutson, President, SBS CyberSecurity.
Current reports indicate that attacks against these vulnerabilities were seen as early as January 2, 2021. Hacking activity has dramatically increased since the release of the security updates from Microsoft and will likely continue until the majority of the vulnerabilities are patched. Successful exploitation of these vulnerabilities allows an attacker to gain access to the emails hosted in Exchange and take control of an organization’s network.
The US Cybersecurity and Infrastructure Security Agency (CISA) issued both Emergency Directive (ED) 21-02 and Alert AA21-062A regarding these vulnerabilities. In our webinar, we want to review the vulnerabilities identified, explore the latest emergency patches by Microsoft, and discuss important actions you must take immediately:
- Apply Microsoft Exchange updates
- Activate your Incident Response Plan
- Search for known Indicators of Compromise (IOCs) and immediately respond accordingly
- If you outsource Exchange, it is urgent that you contact your vendor
- Ascertain whether any critical vendors are affected and, if so, identify risks and threats to your network
Additional steps to consider:
- Conduct internal and external Vulnerability Assessments for any additional weaknesses or risks
- Conduct a comprehensive Network Security Audit to determine the need for additional system hardening and layered security control improvements
- Deepen your expertise and awareness by conducting a Mock Tabletop exercise to see how you would have responded
Who Should Attend: All officers, managers and team members responsible for Information Security, Vendor Management and Risk Management. Executive management needs to attend to become well informed of the magnitude of potential compromise. Share this webinar with clients, executives or Board of Directors who could benefit from a greater understanding of the overall impact this vulnerability could have on their businesses.
Hacker Hour webinars are a series of free webinars hosted by SBS CyberSecurity. Unlike paid webinars, Hacker Hours are intended to meet on a monthly basis to discuss cybersecurity issues and trends in an open format. Attendees are encouraged to join the conversation and get their questions answered. SBS will also offer products and services to help financial institutions with these specific issues.