Abstract: This paper will be discussing the 2021 Microsoft Exchange Server breach<\/p>\n\n\n\n
Introduction<\/p>\n\n\n\n
I chose to write about the 2021 Microsoft Exchange Server which impacted both the<\/p>\n\n\n\n
government and financial sector which interested me because of the methods that hacker group<\/p>\n\n\n\n
used in order to infiltrate the exchange servers and the impacts of the breach on the financial and<\/p>\n\n\n\n
government sector. Microsoft exchange servers is used for securing emails and protecting<\/p>\n\n\n\n
sensitive data from hackers. I also chose to write this paper on the data breach of Microsoft<\/p>\n\n\n\n
exchange server because I wanted to detail the types of attacks used in the attack such as zero-<\/p>\n\n\n\n
day vulnerabilities and ransomware. I also wanted to talk about damages and the data leaked by<\/p>\n\n\n\n
the hackers after the data breach.<\/p>\n\n\n\n
A data breach is described as \u201cAn incident in which sensitive data is accessed and stolen\u201d<\/p>\n\n\n\n
(Kim & Soloman, 2016, p.503). The exploits used in this data was four zero-day vulnerabilities<\/p>\n\n\n\n
that the hacker used because there was a vulnerability in the Microsoft Exchange server that<\/p>\n\n\n\n
Microsoft wasn\u2019t aware of which made the hacker infiltrate the server and steal sensitive data.<\/p>\n\n\n\n
According to Osborne, (2021), one of the vulnerabilities that could have caused the attack was<\/p>\n\n\n\n
Proxy Logon which was used in an attack which led to the hackers being able to have access to<\/p>\n\n\n\n
the Microsoft Exchange servers \u201cthrough bugs or stolen credentials and they can create a web<\/p>\n\n\n\n
shell to hijack the system and execute commands remotely.\u201d Another method that hackers used<\/p>\n\n\n\n
to infiltrate the Microsoft Exchange Servers was a ransomware called Dear Cry which according<\/p>\n\n\n\n
to (Weston, 2021) was the result of \u201cunpatched software the hackers managed to compromise<\/p>\n\n\n\n
on-premises Exchange servers which also encrypted user data\u201d The hackers was doing this while<\/p>\n\n\n\n
they were also attacking Microsoft exchange servers using four zero-day vulnerabilities<\/p>\n\n\n\n
Microsoft responded to the breach by releasing patches which according to (Carlson,<\/p>\n\n\n\n
2021) \u201caddressed the exchange server versions 2010,2013,2016, and 2019 which included the<\/p>\n\n\n\n
software vulnerabilities CVE-2021-26855, CVE-2021-26857, CVE-2021-2658, and CVE-2021-<\/p>\n\n\n\n
27065 which together comprised the Proxy Logon that caused the data breach of Microsoft<\/p>\n\n\n\n
Exchange Servers.\u201d The group responsible for the data breach is Hanfum which is based out of<\/p>\n\n\n\n
China and is known to attack U.S based companies like Microsoft and they managed to get into<\/p>\n\n\n\n
over 400,000 Microsoft exchange servers accounts and leaked the users\u2019 sensitive information<\/p>\n\n\n\n
like email addresses, usernames, and passwords.<\/p>\n\n\n\n
Conclusion<\/p>\n\n\n\n
The lesson that can be learned from this data breach is to make sure that companies are<\/p>\n\n\n\n
aware of vulnerabilities of their systems to avoid a data breach like what happened to Microsoft.<\/p>\n\n\n\n
I would also recommend that companies educate their employees on certain methods that I have<\/p>\n\n\n\n
mentioned in the paper like zero-day vulnerabilities, and ransomware so they can know what to<\/p>\n\n\n\n
avoid in the event of a data breach. I would also recommend companies to have data backup to<\/p>\n\n\n\n
prevent the encryption of data due to ransomware.<\/p>\n\n\n\n
Resources<\/p>\n\n\n\n
Osborne, C. (2021, April 19). Everything you need to know about the microsoft exchange server hack<\/em>. ZDNET. https:\/\/www.zdnet.com\/article\/everything-you-need-to-know-about-microsoft-exchange-server-hack\/<\/p>\n\n\n\n Kim, D., & Solomon, M. (2023). Fundamentals of Information Systems Security <\/em>(3rd ed.). Jones & Bartlett Learning.<\/p>\n\n\n\n Carlson, B. (2021, May 6). The microsoft exchange server hack: A timeline<\/em>. CSO Online. https:\/\/www.csoonline.com\/article\/570653\/the-microsoft-exchange-server-hack-a-timeline.html<\/p>\n","protected":false},"excerpt":{"rendered":" Abstract: This paper will be discussing the 2021 Microsoft Exchange Server breach Introduction I chose to write about the 2021 Microsoft Exchange Server which impacted both the government and financial sector which interested me because of the methods that hacker group used in order to infiltrate the exchange servers and the impacts of the breach … <\/p>\n