The Canadian Centre for Cyber Security
(the “Cyber Centre”) has updated its warnings about Microsoft Exchange Server vulnerabilities, which Microsoft has indicated are being exploited by a sophisticated group of hackers known as Hafnium. Microsoft reported earlier this month that U.S. law firms are among the sectors being targeted, and in a March 8, 2021 update advised that they continue to see multiple actors beyond Hafnium taking advantage of unpatched systems to attack organizations with on-premises Exchange Servers.
Although Microsoft has not specifically identified Canadian law firms as being targets, it is strongly encouraging all Microsoft Exchange Server customers to protect themselves through patches and other mitigation techniques.
The Cyber Centre updated its warnings on March 10, 2021 to strongly recommend that organizations follow their previously issued advice and guidance regarding the Exchange Server vulnerabilities. The Cyber Centre also warned that it appears attacks commenced in January 2021 and that neither interim nor recommended patching solutions will fully protect systems. Accordingly, organizations are encouraged to conduct a thorough analysis of any systems that may be affected by the vulnerabilities using resources provided by Microsoft.
The Cyber Centre included a number of resources in its updates, including Microsoft links. The Cyber Centre updates can be found here
Microsoft stated that threats to organizations include access to email accounts by threat actors and “installation of additional malware to facilitate long-term access to victim environments.”
ALIA recommends that its Subscribers and their law firms take steps, through their IT professionals or otherwise, to assess whether these threats are applicable to their systems and determine how to best protect themselves.