The UK’s National Cyber Security Centre (NCSC) is warning that criminals are looking to exploit the trend toward home office (Coronavirus) to conduct cyberattacks and hacking campaigns. These ‘phishing’ attempts have been seen in several countries and can lead to significant losses: financial, reputational, and sensitive data. And no one is immune —as you’ll read in our third real-world case notes:
A Government Agency recently approached us with a case where some users had fallen victim to phishing emails. The messaging team originally felt secure having 2FA in place, but when the hackers used the phished credentials to attack high-value email accounts through unprotected Exchange Web Services (EWS) and ActiveSync Services (EAS) their concern grew. They forced password resets on the affected accounts but started seeing a growing number of lockouts and password guessing attacks that were affecting their users even with 2FA in place.
It was these concerns that lead them to install a Messageware EPG trial with the goal of locking down open Exchange Server services that were not protected by their 2FA solution. These included Autodiscover, ActiveSync, and EWS. Together, we installed EPG and the user lockouts ceased. With EPG monitoring, future logon activity has become easily identifiable and with EPG tools, action can be taken to independently isolate and secure the Exchange Services that 2FA does not protect.
Our advice here:
Beware of slipping into a false sense of security with a single solution. Ensure you protect all the ways that hackers can gain access to Exchange Services and consider installing additional protection like Exchange Protocol Guard.