With the story last week about the recently disclosed Microsoft Exchange vulnerabilities that have affected thousands of organisations, over the weekend, the White House has warned organisations have “hours, not days” to fix the vulnerabilities. Microsoft and security researchers warned that the vulnerabilities are being combined with ransomware and security experts have estimated that as many as 80,000 exchange servers around the globe remain unpatched and vulnerable to exploitation.
<div>While I cannot speak directly to how Hafnium picked its targets and deployed the backdoor, I can talk to the broader issues of internet-wide scanning. <br /><br /></div> <div> </div> <div>In 2021 it is safe to assume if a system is exposed directly to the internet, it is continuously being scanned and probed by both services like Shodan and <a href=\"http://Census.io\" target=\"_blank\" rel=\"noopener\" data-saferedirecturl=\"https://www.google.com/url?q=http://Census.io&source=gmail&ust=1615898675556000&usg=AFQjCNEnreaaULvz97YPfjMuE2nIfkqpHw\">Census.io</a> and \"attackers\" looking for easy targets. <div> </div> <div><br />Understanding their attack surface should be a paramount concern for organisations in 2021. Open source tools like <a href=\"http://intrigue.io\" target=\"_blank\" rel=\"noopener\" data-saferedirecturl=\"https://www.google.com/url?q=http://intrigue.io&source=gmail&ust=1615898675556000&usg=AFQjCNEFB3K2qCaddwnK6UIHx92rgqiR0Q\">intrigue.io</a> help with this and immensely. Once the attack surface is understood, organisations can work on minimising those as much as possible.</div> <div> </div> <div><br />Organisations should also have an \"emergency kill switch\" well documented where they can pull a system quickly off the internet when they know mass exploitations against systems they have not been able to patch are happening.</div> </div>