In an issue that continues to rumble on, Microsoft have released a critical emergency patch to fix a series of vulnerabilities that attackers could exploit to compromise your Exchange server and steal critical information. These flaws pose a severe risk to businesses around the world, as threat actors managed to exploit them before Microsoft was aware of the issue, and now the rest of the cybercriminal world is following suit. Indeed, as we posted recently, even Acer have found themselves at risk, having fallen victim to a $50 million ransomware attack.
To protect your business, you or your IT support provider should have patched all on-premises Exchange servers. In the meantime, if for whatever reason you have not done so, or cannot, Labyrinth Technology and WatchGuard can help.
WatchGuard security solutions have been tested and can defend against the Hafnium exploit in a variety of ways:
Panda Adaptive Defense 360
Features detections for the PowerShell payloads and many of the webshells involved in this attack. The layered protection model of Adaptive Defense 360 will protect endpoints from being compromised by this attack. Used in conjunction with the Patch Management module, you will be able to defend your network against the Hafnium exploit and efficiently patch your endpoints as well.
Firebox’s Intrusion Prevention Service (IPS) has signatures that detect and block the first stage in the attack’s exploit chain.
Multiple signatures to detect and block the webshells used in the attack.
APT Blocker successfully detects the malicious PowerShell backdoors used in this attack.
Firebox Access Portal and VPN
The first attack stage for this threat requires an Exchange server exposed to the Internet. You can mitigate this stage of the attack by protecting the Exchange server behind the Firebox’s Access Portal on supported appliances.