FBI Accesses Private Servers To Eliminate Remnants Of The Microsoft Exchange Hack

Microsoft discovered zero-day vulnerabilities in certain versions of Exchange, which could be extremely dangerous if left unaddressed. In order to rectify the situation quickly, the FBI has accessed thousands of private servers to deal with leftover, dangerous code.

Microsoft has reported the discovery of a series of zero-day vulnerabilities within its Exchange environment, for which they have released emergency security updates and patches. These vulnerabilities put thousands of email servers used by organizations around the world at risk of infection with a range of malware types.

Recently, it was reported that the FBI has been mitigating the long-term damage of this hack by directly accessing private servers.

How Did This Hack Occur In The First Place?

Assumed to be the work of Chinese state-affiliated attackers, these exploits could have had serious consequences if left unaddressed. Fortunately, Exchange Online (hosted in Microsoft 365) was not affected by this incident. The vulnerabilities only affected on-premises Exchange Server 2010, 2013, 2016, and 2019, for which Microsoft released emergency patches.

Even so, it’s likely that many unaware users would not apply the security patches promptly. Furthermore, the attack has also left malicious code behind that could further endanger users. These tools, known as “webshells”, were planted on compromised servers by the attackers so they could regain access easily after the fact, even once the original vulnerabilities were patched.

How Is The FBI Involved?

The Department of Justice recently made public the FBI’s efforts to eliminate these webshells from users’ systems on their behalf. While this would normally be outside of the FBI’s jurisdiction, the vulnerability was deemed dangerous enough for the Department of Justice to obtain a court warrant authorizing these activities.

Since then, the FBI has been accessing private servers in order to clean up the hack. This helps to mitigate the chance that unpatched systems would endanger unaware users.

While this is not the first time the FBI has had to take direct action to address a cybercrime incident, it is the first at this scale. In the past, the FBI has accessed citizens’ computers to remove code that puts them at risk.

If you’re worried about the precedent this sets for the FBI’s right to access private citizens’ computers, you’re not alone. This latest incident could set a stronger precedent for the FBI to take direct action in future situations like this, especially as foreign state hacking teams become more effective and more active.

Why Is Patch Management So Important?

The fact is that the most common way cybercriminals get into a network is through security flaws in popular software, applications, and programs. That’s why patch management is so important.

Despite how advanced modern software is, it is still designed by humans, and humans still make mistakes. That’s why much of the software you rely on to get work done every day could have flaws, or vulnerabilities, that attackers can exploit to breach your security.

Many of the most common malware families and viruses used by cybercriminals today work by exploiting those programming flaws. To address this, developers regularly release software patches and updates that fix those flaws and protect users. This is why it’s important for you to keep your applications and systems up to date.

Get in touch with the Parkway Tech team to discover how we handle patch management for our clients.

Written by Chris Michalec posted on May 5, 2021
