Patched Exchange to head off Hafnium? You might only be halfway to safety • The Register


Promo If you’re running Microsoft Exchange anywhere in your organisation and you’re not extremely concerned about the threat from Hafnium, you haven’t been paying attention this year.

Admittedly there’s a lot to pay attention to. The Hafnium name refers to both the allegedly Chinese government-linked group which has emerged as the main driver behind a wave of attacks aimed at exploiting zero day vulnerabilities in multiple versions of Exchange, as well as the exploits and malware they are using to gain free rein over your systems.

The initial attack seems to have been focused on exfiltrating information from the likes of infectious disease research organisations, defence contractors and educational organisations, as well as law firms, think tanks and NGOs.

But other, more conventionally nasty attackers have gotten in on the act, using the vulns to inject ransomware and other nasties. So, you might also hear names like ProxyLogon and Exchange Marauder being bandied around.

While the initial news prompted a rare out of band wave of patches from Redmond, the bad news is that whilst these will prevent further attacks, they won’t prevent the bad guys continuing to wreak havoc if your system has already been compromised. And remember, if you’re all in on Office 365, you may still be running Exchange on-prem.

So, what are you to do? Well, information is power. Otherwise Hafnium and its camp followers wouldn’t be so keen to get their hands on yours.

But two can play at that game. Which is why you should check out this on-demand webinar from our friends over at Sophos.

This very in-depth session, features Sophos managed threat response senior director Matt Gangwer and MTR strategist Greg Iddon, who will take you through the nuts and bolts of Hafnium and its variants, because knowing your enemy is key.

They’ll also walk you through protecting your systems from future attacks as well as the necessary steps to ensure there are no existing threats steadily working through your systems, exfiltrating data or laying the path for other attacks.

And they’ll explain exactly what sort of help you can call on to protect your organisation from future associated attacks – and who to call if you realise you’ve being breached, like, right now.

Even if you’re sure you’ve got everything nailed down, it pays to know what your options are. So, to load up on this never more relevant info just point your browser here. And in the meantime, stay safe.

Brought to you by Sophos

You May Also Like…