Cyber attacks are becoming more frequent and more serious. The most recent example is the worldwide attack on Microsoft's Exchange Server: In March, hackers infiltrated the system via four security holes. This allowed them to log in as administrator without a password and thus read emails or access passwords and devices of their victims in the network. An estimated 250,000 systems were affected - 30 per cent of them in the DACH region. The fact that so many companies in German-speaking countries fell victim to the attack is no coincidence. In many places the necessary security awareness is still lacking.
The hack is one of the biggest cyber attacks of recent years - not only because of the enormous spread of Microsoft Exchange servers, but also because it is a so-called zero-day vulnerability that was unknown until it occurred. Microsoft already made a corresponding security update available at the beginning of March. However, since the attack was probably already launched at the end of last year, the attackers had enough time to set up backdoors in the infiltrated systems - so-called web shells. These vulnerabilities make it possible to gain unnoticed access to affected servers and PCs via a password-protected browser interface in order to infiltrate malware. Therefore, even after installing the Microsoft patch, victims are not immune to hackers penetrating the network, downloading files, manipulating websites and encrypting data in the course of ransomware attacks.
Web shell attacks are basically nothing new; the method has been used by hackers for years to gain access to systems. What is new, however, is the enormous scale of potential incidents and victims. In mid-April, Microsoft had to plug another security hole in Exchange servers with an update after a warning from the US secret service NSA. And further serious security breaches are to be expected in the future. In view of this critical situation, the US Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive: All civilian and government-operated Microsoft Exchange servers should be updated immediately or, if necessary, disconnected from the systems. And the German BSI (Federal Office for Information Security) has declared a "red" alert for the first time in seven years and for the third time since its existence.
It is no coincidence that so many companies in German-speaking countries have fallen victim to the hack on the Microsoft Exchange Server. Medium-sized companies in particular lack the necessary security awareness. Moreover, in view of today's threat situation, it is no longer enough to take conventional security measures such as installing a firewall.
The remedy is provided by solutions that are AI-supported and able to track down the attackers before they find valuable company information or compromise systems. With ExeonTrace, for example, we offer a technology that uses various functionalities that can detect intruders: On the one hand, the network traffic is analysed automatically. This makes it possible to detect irregular data flows and patterns that occur when attackers try to spread in a network - for example in the form of so-called internal reconnaissance, lateral movement or data exfiltration. On the other hand, the solution analyses whether communication via the Exchange Server follows typical patterns. Suspicious activities and anomalies are immediately reported to the system administrator. This allows countermeasures to be taken in time before the attackers cause damage.
The author: Gregor Erismann, CMO of Exeon.
«PostFinance has chosen ExeonTrace because of its open and future-proof architecture. Not needing any hardware sensors and being able to control data flows, we didn’t have to make any significant changes to our existing infrastructure. We are also convinced by the cooperation with the competent and technically outstanding Exeon team.»
«I’m highly impressed by the technical abilities of this Network Detection & Response solution. I can definitely sleep better knowing that we have ExeonTrace in our network.»
«As CEO and owner of a fast moving logistics company, I cannot afford any system interruptions due to cyber incidents. With ExeonTrace, we have found a Swiss solution to monitor our network and quickly detect cyber threats.»
«We especially appreciate the comprehensive network visibility that ExeonTrace offers us. The anomaly detection is also extremely accurate and allows our analysts to focus on the essential threats.»
«As Co-CEO of alabus, a hidden champion in the field of business process optimization, protecting the data of our Swiss and international customers is of utmost importance to me. I rely on ExeonTrace to do this and am excited about how this solution helps us understand and secure our network.»