
How Vulnerable Is Online Exchange To Ransomware?

There has been a lot of media attention concerning the recent Microsoft Exchange server vulnerabilities that cybercriminals are exploiting to execute their malicious ransomware attacks. As a result, many organizations still holding on to their on-premises email infrastructure environments are considering migrating to Microsoft 365 (formerly known as Office 365) to lessen their risk exposure.

This raises the question of whether online Exchange is also vulnerable to ransomware. Are you simply trading one vulnerable ecosphere for another when migrating to Microsoft 365?

The World’s Biggest Target

First and foremost, the locally maintained Exchange environment of a typical SMB is certainly more vulnerable to a ransomware attack than Online Exchange. Poor patching practices are what attackers so widely exploit: many organizations don’t have personnel dedicated to keeping their Exchange systems fully patched and up to date, whereas Microsoft does. Microsoft 365 is, by comparison, a security fortress, protected by large teams of highly skilled cybersecurity specialists.

That doesn’t make Microsoft 365 impenetrable, however. The irony is that so many organizations consolidating their Exchange environments into a single online multi-tenant environment creates an almost irresistible target. When all the low-hanging fruit is gone, hackers are forced to direct their efforts to beating the Microsoft 365 system.

Why On-Premises Attacks are More Effective

There have been instances in which an organization fell victim to a ransomware attack that involved Microsoft 365. In most cases, the involvement was simply due to collateral damage, i.e., the perpetrators of the attack didn’t target it.

An attack levied against a company’s Microsoft 365 system currently looks something like this:

  1. An attacker launches a credential stuffing attack or phishing attempt against privileged users within the organization, leading to the compromise of those credentials.
  2. This grants them access to the user’s OneDrive account or SharePoint library, allowing them to exfiltrate those files for extortion.
  3. They can then take advantage of synchronization mechanisms by encrypting the files locally. Not only are the encrypted files synchronized with the online repository, but the encryption will also spread to any users that synchronize the files to their local machines.

While the file versioning feature of the online file applications gives users the ability to easily revert to a clean prior version, it is far from foolproof. Using the user’s privileges, an attacker can simply disable the versioning feature, or manipulate it in such a way that circumvents the available fallback strategy.

While this scenario is certainly a real and viable threat, it has a major shortcoming—it’s incredibly slow. It’s far faster to encrypt files in rapid succession from within the network itself, rather than depending on online synchronization services. The longer an attack takes to be implemented, the greater the chance of it being detected by someone.
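Because the sync-driven attack is slow, audit logs give defenders time to catch it. The following is an added example, not code from the article or from Microsoft: it flags accounts that modify many distinct files in a short window and notes whether versioning was disabled first. The record fields (`t`, `user`, `op`, `path`), the operation names, and the thresholds are assumptions made for this illustration, not the Microsoft 365 audit schema.

```python
from collections import defaultdict, deque

# Constructed, simplified audit records; field and operation names are
# assumptions for this example, not the Microsoft 365 audit schema.
def make_sample_events():
    events = [{"t": 100, "user": "alice", "op": "VersioningDisabled", "path": "/Finance"}]
    # alice: 30 file modifications within 60 seconds of the versioning change
    events += [{"t": 120 + 2 * i, "user": "alice", "op": "FileModified",
                "path": f"/Finance/doc{i}.xlsx"} for i in range(30)]
    # bob: 30 modifications spread over roughly five hours (normal editing)
    events += [{"t": 600 * i, "user": "bob", "op": "FileModified",
                "path": f"/Sales/deck{i}.pptx"} for i in range(30)]
    return events

def detect(events, window_s=300, burst=20):
    """Return {user: finding} for accounts showing a modification burst.

    A finding records the peak number of distinct files modified inside any
    window_s-second window and whether versioning was disabled beforehand.
    """
    recent = defaultdict(deque)   # user -> (time, path) pairs inside the window
    versioning_off = {}           # user -> time versioning was first disabled
    findings = {}
    for ev in sorted(events, key=lambda e: e["t"]):
        user = ev["user"]
        if ev["op"] == "VersioningDisabled":
            versioning_off.setdefault(user, ev["t"])
            continue
        if ev["op"] != "FileModified":
            continue
        q = recent[user]
        q.append((ev["t"], ev["path"]))
        while q and q[0][0] < ev["t"] - window_s:   # expire old events
            q.popleft()
        distinct = len({p for _, p in q})
        if distinct >= burst:
            f = findings.setdefault(user, {"peak": 0, "first_seen": ev["t"]})
            f["peak"] = max(f["peak"], distinct)
            f["versioning_disabled_first"] = (
                user in versioning_off and versioning_off[user] <= f["first_seen"])
    return findings

if __name__ == "__main__":
    for user, finding in detect(make_sample_events()).items():
        print(user, finding)
```

A burst that follows a versioning change deserves higher priority than a burst alone, since bulk edits and migrations also produce bursts.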

Moving Targets

While Online Exchange is vulnerable to ransomware, such an attack isn’t practical yet. Ransomware gangs are currently much better off targeting on-premises installations, but that doesn’t mean things won’t change. Cybersecurity is a moving target due to the dynamic nature of the threat landscape, and you can be confident that hackers are working on a solution to the challenge right now.
