With the attacks now dubbed "HAFNIUM" targeting the largest business collaboration platform in the market, Microsoft's Exchange Server, around the world, the mainstream press has started covering something that actually occurs in every IT person's life on a monthly basis.
Applications and codebases that have been around in one form or another for over two decades are discovered to contain past mistakes that can now be exploited, and exploited they have been.
Rough estimates show that nearly 60,000 servers have already been compromised worldwide (each server potentially hosting 1000s of users), and there are estimates that 7000 servers are potentially vulnerable in Australia alone.
For the most part, OpusV's customers have been migrated away from on-premise infrastructure, and for the vast majority of our clients a fully cloud-based infrastructure is the best fit for their business needs.
As a Microsoft Cloud Services Partner, we manage an extensively diverse range of clients' collaboration needs via email, calendars, Teams Messaging, SharePoint and OneDrive. For a few specific reasons, such as data sovereignty, we manage some on-premise servers for a very select range of clients, and our normal approach to security worked as intended for Hafnium.
We were aware of chatter around the security vulnerability over a month ago, due to the extensive research and reading we do to stay abreast of today's complex environment, which takes no small amount of effort.
Our management systems allowed for the deployment of the required patches, and OpusV staff executed these with minimal interruption to client workflows thanks to the high availability infrastructure already implemented. This was just the process working as intended.
Above and beyond this, we deployed our senior engineers to perform forensic analysis of these servers to ensure that no exploit activity occurred before the patch became available. This takes familiarity with the server platforms and experience with the security analysis frameworks used to assess incidents and response.
To top all of this off, we provide board reporting messaging that allows management to convey to their oversight that a risk that may seem alarming has been handled in a short time period to an acceptable risk management and compliance level.
Interestingly, we continue our research, because the Hafnium problem may not be over quite yet. Talk about potential bypasses to the security patch is of concern, and we are investigating and following it closely.
In many circumstances there are additional mitigation measures, mainly around minimizing exposure to hostile vectors of attack, that we implement to ensure, to the best of our abilities, that our clients are safe and can operate knowing their trusted infrastructure partner is actively working to secure them.