QPC Security - Breakfast Bytes

Patching strategy and lessons from the Exchange HAFNIUM attack


Exchange HAFNIUM attack

  • Pretty much every internet-accessible Exchange server on the planet that had no protections in front of it got hacked
  • Anything that does not have MFA protections in 2021 is going to be hacked, especially if it is accessible from the internet
  • Not having MDR and THIS with a zero trust posture is just not acceptable
  • Yes, this increases the cost substantially, but what is your alternative?
  • It is possible to proxy the traffic ingressing to the Exchange server and inspect it for IPS signatures
  • Fireboxes Detect HAFNIUM Attacks in the Wild | Secplicity - Security Simplified
  • It is also possible to put a web portal in front of the Exchange server that must be accessed with MFA before it is possible to use the services behind it.
  • Reverse Proxy for the Access Portal (watchguard.com)


Patching properly and thoroughly is an art form

  • Getting updates deployed for an operating system requires quite a bit of technique and multiple layers with validation
  • How thorough is your third-party patch catalog and platform?
  • Are you looking for EOL or deprecated software?
  • Are you cataloging what business software is dependent on deprecated junk, and what are you doing about getting rid of it?
  • How frequently are the physical machines being patched for firmware, drivers, and BIOS?
  • Do you have mechanisms to update PowerShell?
  • Are you auditing and restricting WMI and PowerShell?

Ubiquiti - multiple significant security fails

Ubiquitous for all the Wrong Reasons | Secplicity - Security Simplified


QPC Security - Breakfast Bytes, by qpcsecurity