Neu Cyber Threats – 1st April 2021
An update on recent Microsoft Exchange vulnerabilities has been issued by the National Cyber Security Centre. In early March 2021, Microsoft made it public that sophisticated actors had attacked a number of Exchange servers. In response, they released multiple security updates for affected servers, which does not impact Exchange Online.
The updates were released ahead of the usual monthly update cycle because four of the seven vulnerabilities have been used in ongoing attacks and had an urgent need to be fixed. A wide variety of cyber criminal groups were using automated tools to scan for Exchange servers where updates are not installed. The malicious software installed on vulnerable servers has also been exploited by groups using different ransomware to install malware on the network which can go on the exfiltrate company data.
The affected versions of Microsoft Exchange Server are:
- Microsoft Exchange Server 2013
- Microsoft Exchange Server 2016
- Microsoft Exchange Server 2019
COVID-19 related lockdowns and remote working are believed to be two factors that are contributing towards a rise in cyber attacks on businesses over the last 12 months, according to a survey. Over 2,000 office workers in Germany and the U.K. were contacted, to better understand cyber security practices among remote workers. It found that younger employees, as well as people caring for children or other family members reported more stress in their lives, which linked to riskier IT behaviours.
For example, 67% of employees under-30 admitted they use shadow IT (unsanctioned apps, services and equipment) to help them to perform certain tasks more easily, compared to just 27% of older workers. Also, 55% of the younger group reported making more mistakes when working from home, such as copying in the wrong people into emails – in comparison, only 17 percent of the over-30s reported such mistakes.
Nearly two-thirds of the younger group (63%) stated that distractions while working from home negatively impact decision-making, compared to 26 percent of older people. All of the above points could lead to IT issues. Shadow IT services might not be the most secure to be using alongside those permitted by an employer, while if the wrong person outside of an organisation receives an email, it could lead to further problems.
Stress has been found to affect the productivity levels and availability of employees. 70% of younger employees have trouble focusing because of their stress level, compared to 29% of older workers, and 77% said they feel the pressure to be available outside of normal working hours, compared to less than half (46%) of older workers.
Businesses are advised to try and provide better emotional and personal support for their employees, who may well be under an extreme level of stress at the moment. Through an increase in communication, individual employees can be less affected by the stress of lockdown and the lack of physical contact with colleagues. By communicating further, businesses can also help reduce the likelihood of mistakes and the need for some employees to use shadow IT to cut corners.