Varonis comment on Exchange email hack
March 2021 by Varonis
Following the news that the Exchange email hack is more severe than initially thought, Matt Lock, Technical Director at Varonis, comments:
“It’s a safe assumption that this zero-day attack hit far more companies than have been reported. It could take several months or even years for a true tally of the damage to come to light. What should companies do if they were operating an affected version of Exchange? Take stock of your environment — understand where you have Exchange servers and accounts, and work carefully to identify all the instances of Exchange that may still be live. Then, patch - but patching doesn’t mean you’re out of the woods. Remember, the zero-day may have allowed attackers inside your network, or they may have left a way to get inside later. You must find and remove web shells and other IOCs left on servers that could allow a hacker onto your network in the future. Investigate all unusual events related to any Exchange servers. Even if everything looks fine, you need to ensure you don’t have an intruder in your environment — and that calls for the cyber equivalent of checking in the closet and under the beds. The worst thing you can do is sit still and wait.”