Patched Exchange to head off Hafnium? You might only be halfway to safety

Patched Exchange to head off Hafnium? You might only be halfway to safety

Promo If you’re running Microsoft Exchange anywhere in your organisation and you’re not extremely concerned about the threat from Hafnium, you haven’t been paying attention this year.

Admittedly there’s a lot to pay attention to. The Hafnium name refers to both the allegedly Chinese government-linked group which has emerged as the main driver behind a wave of attacks aimed at exploiting zero day vulnerabilities in multiple versions of Exchange, as well as the exploits and malware they are using to gain free rein over your systems.

The initial attack seems to have been focused on exfiltrating information from the likes of infectious disease research organisations, defence contractors and educational organisations, as well as law firms, think tanks and NGOs.

But other, more conventionally nasty attackers have gotten in on the act, using the vulns to inject ransomware and other nasties. So, you might also hear names like ProxyLogon and Exchange Marauder being bandied around.

While the initial news prompted a rare out of band wave of patches from Redmond, the bad news is that whilst these will prevent further attacks, they won’t prevent the bad guys continuing to wreak havoc if your system has already been compromised. And remember, if you’re all in on Office 365, you may still be running Exchange on-prem.

So, what are you to do? Well, information is power. Otherwise Hafnium and its camp followers wouldn’t be so keen to get their hands on yours.

But two can play at that game. Which is why you should check out this on-demand webinar from our friends over at Sophos.

This very in-depth session, features Sophos managed threat ..