There has been a lot of media attention on the recent Microsoft Exchange Server vulnerabilities that cybercriminals are exploiting to deploy ransomware. As a result, many organizations still running on-premises email infrastructure are considering migrating to Microsoft 365 (formerly Office 365) to reduce their exposure.
This raises the question of whether Exchange Online is also vulnerable to ransomware. Are you simply trading one vulnerable ecosystem for another when you migrate to Microsoft 365?
First and foremost, the locally maintained Exchange environment of a typical SMB is certainly more exposed to ransomware than Exchange Online. Many organizations have nobody dedicated to keeping their Exchange servers fully patched and up to date, and it is precisely that patching lag that attackers exploit so widely. Microsoft, on the other hand, patches the Exchange Online service itself and has large teams of skilled security specialists defending it. Note what that does not cover: the customer still owns its user accounts, credentials, permissions, and tenant configuration, and that is where most Microsoft 365 compromises begin.
That doesn't make Microsoft 365 impenetrable, however. The irony is that consolidating so many organizations' Exchange environments into a single multi-tenant service creates an almost irresistible target. Once the low-hanging fruit is gone, attackers will turn their efforts to defeating Microsoft 365 itself.
There have been instances in which an organization fell victim to a ransomware attack that involved Microsoft 365. In most cases the involvement was collateral: the perpetrators did not target Microsoft 365 at all. The ransomware ran on an endpoint, and the damage was carried into the tenant from there.
An attack that reaches a company's Microsoft 365 tenant currently looks something like this: ransomware on a compromised endpoint encrypts the files in a user's synced OneDrive or SharePoint folders, and the sync client uploads the encrypted copies to the cloud, where they overwrite the clean versions.
The file versioning feature of the online file applications (SharePoint and OneDrive) lets users revert to a clean prior version, but it is far from foolproof. With the privileges of the affected user, an attacker can disable versioning on a library that user owns or administers, lower the version limit, or simply generate more versions than the limit retains so that the clean copy rolls off the end. Any of these circumvents the fallback.
This scenario is a real and viable threat, but from the attacker's point of view it has a major shortcoming: it is slow. Encrypting files directly on the network is far faster than waiting for a sync client to upload each encrypted copy, and the longer an attack takes, the greater the chance that someone notices it.
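The two defender-side checks that follow from the versioning and detection points above, as an added example that is not part of the original article: first, confirm that every document library in a site still has versioning enabled with a limit too high for an attacker to burn through, re-enabling it where it has been switched off; second, search the unified audit log for the burst of file modifications that a sync-propagated encryption run leaves behind. It assumes the PnP.PowerShell and ExchangeOnlineManagement modules are installed and that you can sign in interactively; the site URL, app registration client ID, and alert thresholds are placeholders to be replaced with your own.

```powershell
# Added example (not from the original article). Two checks for the sync-based
# ransomware scenario: (1) versioning still on for every document library, and
# (2) a burst of FileModified/FileRenamed events in the unified audit log.
# Requires PnP.PowerShell and ExchangeOnlineManagement. Values below are placeholders.

param(
    [string]$SiteUrl       = "https://contoso.sharepoint.com/sites/Finance",  # placeholder site
    [string]$ClientId      = "00000000-0000-0000-0000-000000000000",           # placeholder app registration
    [int]   $MinVersions   = 500,   # assumed floor; SharePoint's default is 500 major versions
    [int]   $LookbackHours = 1,
    [int]   $ModsPerUser   = 300    # assumed alert threshold; tune to the tenant's normal activity
)

# --- Check 1: versioning on every document library in the site -----------------
Connect-PnPOnline -Url $SiteUrl -ClientId $ClientId -Interactive

# BaseTemplate 101 = document library; skip hidden/system lists.
$libraries = Get-PnPList -Includes EnableVersioning,MajorVersionLimit |
    Where-Object { $_.BaseTemplate -eq 101 -and -not $_.Hidden }

foreach ($lib in $libraries) {
    if (-not $lib.EnableVersioning -or $lib.MajorVersionLimit -lt $MinVersions) {
        Write-Warning ("Library '{0}': versioning={1}, limit={2}; restoring {3} versions" -f `
            $lib.Title, $lib.EnableVersioning, $lib.MajorVersionLimit, $MinVersions)
        # Re-assert the fallback the attacker may have switched off or shrunk.
        Set-PnPList -Identity $lib -EnableVersioning $true -MajorVersions $MinVersions
    }
}

# --- Check 2: mass file modification in the audit log ---------------------------
Connect-ExchangeOnline -ShowBanner:$false

$end   = Get-Date
$start = $end.AddHours(-$LookbackHours)

$events = Search-UnifiedAuditLog -StartDate $start -EndDate $end `
    -RecordType SharePointFileOperation `
    -Operations FileModified,FileRenamed,FileUploaded `
    -ResultSize 5000

# AuditData is a JSON blob; pull out the actor and the file extension after the change.
$parsed = $events | ForEach-Object {
    $d = $_.AuditData | ConvertFrom-Json
    [pscustomobject]@{
        User      = $d.UserId
        Operation = $d.Operation
        Extension = $d.SourceFileExtension
    }
}

$parsed | Group-Object User | ForEach-Object {
    $topExts = ($_.Group | Group-Object Extension |
        Sort-Object Count -Descending | Select-Object -First 3).Name -join ","
    if ($_.Count -ge $ModsPerUser) {
        # A sync client that suddenly rewrites hundreds of files, often all to one
        # new extension, is the signal this scenario leaves behind.
        Write-Warning ("{0}: {1} file changes in the last {2}h (top extensions: {3})" -f `
            $_.Name, $_.Count, $LookbackHours, $topExts)
    }
}
```

The first check is a control, the second a detection; run the second on a schedule short enough that the sync-driven encryption is still in progress when it fires, since the slowness of the scenario is exactly what gives a defender the window to respond.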
So while Exchange Online and the rest of Microsoft 365 can be hit by ransomware, attacking it this way isn't practical yet. Ransomware gangs are currently much better off targeting on-premises installations, but that doesn't mean things won't change. Cybersecurity is a moving target because the threat landscape keeps shifting, and you can be confident that attackers are working on the problem right now.