Research Paper - CYSE280

Abstract: This paper discusses the 2021 Microsoft Exchange Server breach.

Introduction

I chose to write about the 2021 Microsoft Exchange Server breach, which impacted both the government and financial sectors, because I was interested in the methods the hacker group used to infiltrate the Exchange servers and in the impacts of the breach on those two sectors. Microsoft Exchange Server is used for securing email and protecting sensitive data from hackers. I also chose to write this paper on the Microsoft Exchange Server data breach because I wanted to detail the types of attacks used, such as zero-day vulnerabilities and ransomware, and to discuss the damages and the data leaked by the hackers after the breach.

A data breach is described as “an incident in which sensitive data is accessed and stolen” (Kim & Solomon, 2016, p. 503). The exploits used in this data breach were four zero-day vulnerabilities: the hackers took advantage of flaws in Microsoft Exchange Server that Microsoft was not yet aware of, which allowed them to infiltrate the server and steal sensitive data. According to Osborne (2021), one of the vulnerabilities that could have caused the attack was ProxyLogon, which gave the hackers access to the Microsoft Exchange servers “through bugs or stolen credentials and they can create a web shell to hijack the system and execute commands remotely.” Another method the hackers used to infiltrate the Microsoft Exchange servers was a ransomware called DearCry, which according to Weston (2021) was the result of “unpatched software the hackers managed to compromise on-premises Exchange servers which also encrypted user data.” The hackers were doing this while they were also attacking Microsoft Exchange servers using the four zero-day vulnerabilities.

Microsoft responded to the breach by releasing patches which, according to Carlson (2021), “addressed the exchange server versions 2010, 2013, 2016, and 2019 which included the software vulnerabilities CVE-2021-26855, CVE-2021-26857, CVE-2021-2658, and CVE-2021-27065 which together comprised the ProxyLogon that caused the data breach of Microsoft Exchange Servers.” The group responsible for the data breach is Hafnium, which is based out of China and is known to attack U.S.-based companies like Microsoft. They managed to get into over 400,000 Microsoft Exchange server accounts and leaked the users’ sensitive information, such as email addresses, usernames, and passwords.

Conclusion

The lesson that can be learned from this data breach is that companies must make sure they are aware of the vulnerabilities in their systems in order to avoid a data breach like the one that happened to Microsoft. I would also recommend that companies educate their employees on the methods I have mentioned in this paper, such as zero-day vulnerabilities and ransomware, so they know what to avoid in the event of a data breach. I would also recommend that companies keep data backups to guard against the encryption of their data by ransomware.

Resources

Osborne, C. (2021, April 19). Everything you need to know about the Microsoft Exchange Server hack. ZDNET. https://www.zdnet.com/article/everything-you-need-to-know-about-microsoft-exchange-server-hack/

Kim, D., & Solomon, M. (2023). Fundamentals of Information Systems Security (3rd ed.). Jones & Bartlett Learning.

Carlson, B. (2021, May 6). The Microsoft Exchange Server hack: A timeline. CSO Online. https://www.csoonline.com/article/570653/the-microsoft-exchange-server-hack-a-timeline.html
