The Latest in the Chinese Exchange Email Server Attacks and How to Keep Your Data Safe


The Chinese government has stolen personal information from an estimated 80% of Americans. Source: National Counterintelligence and Security Center.

For years, the Chinese government has been putting out fires regarding its alleged harvesting of consumer and corporate data in the United States. It seems every few months we hear of another scenario in which China is trying to illegally gather our data, often from Microsoft Exchange email servers. The latest report came in late August: the Chinese government is accused of attacking Exchange servers to aid in its creation of Artificial Intelligence.

What is the Microsoft Exchange server?

Microsoft Exchange hosts a wealth of potentially sensitive information, including received and sent emails, contacts, and calendar data, all of which could very likely contain personal information. That is why this breach could be so detrimental to anyone affected, whether on the corporate or consumer end.


Let’s start with the attack itself. Server access was gained through exploitation of a few coding errors, and since the network is connected to the internet and managed on premises, that’s all the hackers needed to obtain control. Once they locked onto a target, they embedded code that tricked the server into requesting information, so the servers on the other end perceived the requests to be authorized. According to NPR, both the White House and Microsoft have said unequivocally that Chinese government-backed hackers are to blame. Kiersten Todt of the Cyber Readiness Institute said the following: “We don’t know what the Chinese are building, but what we do know is that diversity of data, quality of data aggregation, accumulation of data is going to be critical to its success.”

The Chinese government launched a similar attack earlier this year, but it was believed to have only been observing, not actually harvesting data. This latest attack has been confirmed to be actual data gathering, adding another level of concern. Some sources believe that the information gathered prior to this attack could potentially have aided the current access to information.

William Evanina, the former director of the National Counterintelligence and Security Center, put it this way: “The Chinese have more data than we have on ourselves.”

The group responsible for the attack is known as Hafnium, and it typically targets government agencies, higher education, and medical facilities. Microsoft released a blog post stating, “This is the eighth time in the past 12 months that Microsoft has publicly disclosed nation-state groups targeting institutions critical to civil society; other activity we disclosed has targeted healthcare organizations fighting Covid-19, political campaigns and others involved in the 2020 elections, and high-profile attendees of major policymaking conferences.”

Although we’d like to believe our information isn’t getting harvested illegally like black market produce, the fact of the matter is that as we share more and more across websites and applications, it’s imperative that we not be careless when it comes to securing our information. Here are a few steps we can all take to make our data more secure:

Enable ‘Two Factor Authentication’ – This is the basic concept of presenting two ways to authenticate yourself before being granted access to a website or application. Two-factor/multi-factor authentication has been rising to prominence in the United States over the past 12 months. Companies and consumers alike are realizing that this can be a pivotal step in keeping your data from getting into the wrong hands. Some companies are even conscious enough to prompt you to enable this feature to save you time and headache in the future.

Limit Device Attachment – For Exchange or Office 365 users (the servers mentioned in the ongoing attacks), Microsoft gives you the option to only allow specific devices to attach. This limits exactly who and what devices are allowed access or blocked from access, and there’s even a “quarantine” option where you can decide later whether you’d like to allow or block a device. Note: If you don’t happen to have Exchange as your server and you have something like Gmail, enabling the multi-factor authentication we mentioned earlier will help make your account more secure.

Utilize Application Outage Avoidance (AOA) – Here at Protected Harbor, we have created a tool specifically designed to keep this situation from happening to our clients. Application Outage Avoidance ensures that attacks from one source on one server are instantly blocked across all servers. This is done to be certain that everything is as secure as possible from the moment a threat is detected. Our protected data centers are designed to allow you to have access to your data under any circumstance. If you pair that with our suite of full-service options, you can operate with confidence knowing your business is prepared for anything.
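For the “Limit Device Attachment” step above, here is one way an Exchange administrator could set up the allow, block and quarantine options from PowerShell. This is an added example, not something from Microsoft or Protected Harbor, and it assumes the feature described is Exchange’s mobile device (ActiveSync) access settings; the email addresses, device type and device ID are constructed placeholders.

```powershell
# Added example. Run in the Exchange Management Shell (on-premises) or in an
# Exchange Online PowerShell session. All addresses and IDs are placeholders.

# 1. Check the current organization-wide default for devices that match no rule.
Get-ActiveSyncOrganizationSettings |
    Format-List DefaultAccessLevel, AdminMailRecipients

# 2. Send unknown devices to quarantine by default and notify an administrator,
#    so each new device is a decision instead of an automatic allow.
Set-ActiveSyncOrganizationSettings -DefaultAccessLevel Quarantine `
    -AdminMailRecipients 'it-admin@example.com'

# 3. Block a whole device family outright (constructed device type).
New-ActiveSyncDeviceAccessRule -Characteristic DeviceType `
    -QueryString 'ExampleDeviceType' -AccessLevel Block

# 4. Review what is currently waiting in quarantine.
Get-MobileDevice -ResultSize Unlimited |
    Where-Object { $_.DeviceAccessState -eq 'Quarantined' } |
    Select-Object UserDisplayName, DeviceModel, DeviceOS, DeviceId, FirstSyncTime

# 5. Approve one reviewed device for one mailbox only.
Set-CASMailbox -Identity 'jane.doe@example.com' `
    -ActiveSyncAllowedDeviceIDs @{ Add = 'PLACEHOLDER-DEVICE-ID' }
```

Devices that are already syncing and match no allow rule or per-mailbox allow list fall under the new default as well, so add the devices you trust to the allow list before changing the default in step 2.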

Overall, this is far from unique news when it comes to Chinese cyber security. “Exchange server vulnerability isn’t something new for Microsoft, in fact, these breaches are fairly common, it seems that every couple of weeks a new breach is surfacing,” says Junior Network Administrator Justin Luna when asked about the issue. The overall takeaway is that, regardless of whether you’re moving terabytes of data for your business or catching up with a family member via email, there’s always going to be some type of risk involved. Always be conscious of who you grant permission to, and take as many steps as you can to secure your data. If you have any questions or would like to learn more about data security, here at Protected Harbor we’d be happy to help.