We have been receiving many enquiries about the Microsoft vulnerability in regard to on-premise Exchange servers. The NZ government was notified of this breach yesterday and you may have noticed many articles that have popped up in media outlets.
We wanted to let you know about this particular hack, when we became aware of it, the extent of the impact and the steps we have taken to ensure all of the businesses we work with are secure and no longer at risk to this specific vulnerability.
What is the vulnerability to Microsoft Exchange?
This breach was specifically linked to on-premise Microsoft Exchange servers so any clients with a cloud solution (such as Microsoft 365) are not impacted. It is understood, but not confirmed, that this attack originates from China and is targeting infectious disease researchers, law firms, higher education institutions and defence contractors. Some experts are suggesting that up to 30,000 businesses in the USA could be affected which is less than 0.1% of American businesses.
When did we become aware of the attack?
At OneCall we have tight security protocols in place which include monitoring several security channels as well as having Microsoft alerts in place. We became aware of this particular vulnerability on Tuesday 2nd March 2021. This is before it reached NZ media outlets.
What was our response and what is the extent of the impact?
We immediately implemented our Security Incident Response plan and mitigated the risk to affected customers, these customers accounted for less 1% of businesses we support. Follow up analysis was performed and none of these affected businesses were hacked and no data was jeopardised. If you were a business that was affected, you will have already been personally notified. If you haven’t heard from us, you can rest assured that there was no impact to your business.
Michael Shearer, CertNZ’s principal advisor for threats and vulnerabilities has stated to the media this morning that CertNZ will not comment on which NZ firms have been affected, as that information was confidential.
If you have any concerns or questions, please do not hesitate to get in contact with your OneCall Account Manager. In doing so, please be patient, as you can expect we are currently receiving higher-than-normal call volume.