Microsoft have urged the system admins of on-premise Exchange email servers to upgrade in response to new breaches from state-sponsored hackers.
The Chinese group, known as ‘HAFNIUM’, are believed to have exploited previously undiscovered zero-day vulnerabilities in Microsoft Exchange Server 2013, 2016 and 2019 via compromised US-based servers. Microsoft Exchange Online or related services (such as Microsoft 365) are not affected.
CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065 create a ‘perfect storm’ in which the attacker makes an untrusted connection to the targeted Exchange Server on port 443, appears to be someone with authorised access, and adds a web shell that grants a backdoor for future access.
HAFNIUM has previously been accused of industrial espionage and attempts to breach the technology of important private, public and national security organisations, including defence contractors.
As of 4th March, the Department of Homeland Security has also issued an emergency directive to all US federal agencies to urgently patch any on-premises Exchange servers by midday on 5th March.
For Cybersecurity advice and expertise, please contact our team today.
Microsoft have announced Reply All email storm protection for Exchange Online – designed to prevent crushing organisational reply all email chains.
By default, the feature will detect ten reply all emails to over 5,000 recipients within 60 minutes (what IT admins jokingly call a ‘reply-allpocalypse’) and will block further sending to prevent the problem escalating.
A particular problem in large organisations, email storms begin when large numbers of recipients click ‘reply-all’ either to respond or ask to be removed from the chain – massively multiplying the overall number of emails passing through Exchange servers.
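The default thresholds quoted above can be modelled as a per-conversation sliding window. The sketch below is an added example, not Microsoft's implementation: the class and field names are hypothetical, the sample threads are constructed, and keeping a tripped conversation blocked for the rest of the run is a simplifying assumption.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class ReplyAll:
    conversation_id: str   # hypothetical thread identifier
    sender: str
    recipient_count: int
    sent_at: datetime


class ReplyAllStormGuard:
    """Sliding-window model: N reply-alls to > R recipients within W minutes."""

    def __init__(self, max_replies=10, min_recipients=5000,
                 window=timedelta(minutes=60)):
        self.max_replies = max_replies
        self.min_recipients = min_recipients
        self.window = window
        self._recent = defaultdict(deque)  # conversation -> recent timestamps
        self._blocked = set()              # conversations that tripped the guard

    def allow(self, msg: ReplyAll) -> bool:
        """Return True if the reply-all is delivered, False if it is blocked."""
        # Only threads addressed to MORE than the recipient threshold count.
        if msg.recipient_count <= self.min_recipients:
            return True
        if msg.conversation_id in self._blocked:
            return False
        times = self._recent[msg.conversation_id]
        # Drop reply-alls that have fallen out of the detection window.
        while times and msg.sent_at - times[0] >= self.window:
            times.popleft()
        times.append(msg.sent_at)
        # The reply that reaches the threshold is still delivered;
        # everything after it on this conversation is refused.
        if len(times) >= self.max_replies:
            self._blocked.add(msg.conversation_id)
        return True


def run(guard, messages):
    """Feed messages through the guard: (delivered, blocked, copies delivered)."""
    delivered = blocked = copies = 0
    for msg in messages:
        if guard.allow(msg):
            delivered += 1
            copies += msg.recipient_count  # each reply-all fans out to everyone
        else:
            blocked += 1
    return delivered, blocked, copies


def thread(conversation_id, replies, recipients, gap_minutes):
    """Constructed sample data: evenly spaced reply-alls on one conversation."""
    start = datetime(2020, 5, 1, 9, 0)
    return [
        ReplyAll(conversation_id, f"user{i}@example.org", recipients,
                 start + timedelta(minutes=i * gap_minutes))
        for i in range(replies)
    ]


if __name__ == "__main__":
    # 15 reply-alls, one per minute, to 6,000 recipients: guard trips at ten.
    print(run(ReplyAllStormGuard(), thread("storm", 15, 6000, 1)))
    # Same volume spread over 10-minute gaps never has ten in one window.
    print(run(ReplyAllStormGuard(), thread("slow", 15, 6000, 10)))
```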
If you find yourself stuck in a big reply all email storm, the guidance is simple: Do nothing. Do not reply to the email. Replying only makes the problem worse for everyone in the email chain, including you.
Reply all email storms have plagued large organisations. The NHS was infamously struck by a server-crushing 500 million emails in less than two hours on 14th November 2016, after an IT contractor accidentally sent a test email to everyone with an NHSmail email address – approximately 840,000 people.
Microsoft itself became one of the first test cases during the “Bedlam DL3” incident of 1997, when a user emailed 13,000 company addresses. Other users, unaware of how many replies they were sending, asked to be removed, and by the time the storm had subsided a terrifying 15 million emails had been sent – far beyond the capacity of late-90s email servers.
Common scams include pretending to represent Government, law enforcement or medical authorities to obtain information or financial payment, blackmailing users with threat of infection, donation requests for fake organisations, and malware distribution – including one new ransomware even dubbed ‘Coronavirus.’
In a joint statement published in April, the UK National Crime Cyber Security Centre and US CISA (Dept. of Homeland Security) note the sudden rise in Covid-19 scams, and even highlight instances of SMS text-messaging phishing attempts mimicking UK Government text alerts.
In the example cited, a fake compensation payment is offered to entice the user to hand over details via an imitation UK Government website.
There has also been a growth in online hackers and trolls targeting Zoom and other video conferencing platforms. Users unfamiliar with this kind of software in particular may prove an easy target for cyber criminals.
Phishing scams are part of a larger trend of online Covid-19 themed fraud. In March, the NCSC removed around 500 fake online shops claiming to be selling fraudulent virus-related items over the internet.
Google currently estimate that Gmail filtering is blocking over 100 million phishing emails each day, and that almost 20% of online email scams now refer to Coronavirus (around 18 million) – likely to be the largest phishing ‘theme’ in history.
For cybersecurity expertise and assistance, please contact Lineal today.
Email remains a key threat vector, if not the key threat vector, for organisations trying to protect themselves from cyber crime – with around 90% of cyber attacks beginning by compromising an unsuspecting user via email.
Today we take a closer look at some of the clever tricks of Barracuda’s email filtering & security service, and why the small investment to protect your inbox is worth it:
In addition to profiling every email which passes through its live email filtering service in seconds, Barracuda scans each email attachment for signs that the contents might be malicious.
As cyber criminals begin to use more sophisticated means, it’s worth implementing this to prevent macro-enabled office documents, infected PDFs and similar file download tricks from catching out users who might be curious to open a dangerous attachment.
Barracuda email filtering scans not just incoming, but outgoing emails from your hosted mail service or mail server, ensuring not only that your clients are protected from suspect emails, but that staff cannot circulate threats further within your organisation.
Anybody familiar with being caught in a reply-all ‘email storm’ knows how quickly bad email can spread internally – be part of the solution yourself, not the problem.
In the event that your email service falters, clients quickly begin receiving bounce-backs, which leave a poor impression of customer service.
This is avoidable – routing via Barracuda’s email servers, emails will temporarily ‘spool’ like planes stacking over an airport, ensuring onward delivery later when the service comes back online. This ensures any unfortunate interruption to communications is not immediately visible to your clients.
Long Term Recovery
Hosting your email in the cloud with Microsoft Office 365? Everything is backed up in the cloud, correct? Not quite – even Office 365 has a 30-day recovery period on deleted email, and emails can ultimately only be restored individually.
This retention period can be longer, or even unlimited, with Barracuda email backups, making sure that emails can be recovered long after staff have deleted them, accidentally or otherwise.
This extra silo of automated email backup protects not just against employee negligence or malpractice, but also common digital breaches such as compromised accounts.
For cyber-security and IT expertise – please contact our team today.
Phishing emails that attempt to steal sensitive information or defraud funds are a growing threat to small businesses – and the root cause of roughly 90% of business cyber attacks.
Educating your staff to be wary of clicking on a suspicious email is arguably one of the simplest and most effective cyber-security practices for small businesses. But how should you approach this?
Nobody is Immune
There’s no telling when or where a phishing email will arrive at your business, and any single compromised computer might be a cyber-criminal’s ‘way-in’ to the company – so a good place to start is the idea that it is everyone’s responsibility to watch out for suspicious emails.
Phishing email traffic is estimated to have increased by around 65% last year, and approximately 30% of those phishing emails get opened by IT users.
You’re the CEO of a global multi-national conglomerate? Then you’re MORE, not less likely to be targeted. Such ‘Spear Phishing’ attacks are often highly specific to key individuals, aiming squarely at users with privileged information, responsibility over finances or higher levels of access.
Email awareness applies to anyone and everyone with access to email, so training efforts to make your company secure need to apply up and down the hierarchy.
Getting hands-on with real examples of phishing emails is the single best way to immunise your team against being caught out. Cybersecurity companies increasingly recognise the ‘human’ factor as the most critical ‘threat vector’ – put simply, there’s (ultimately) no substitute for human intuition about what might be suspicious.
Show your team key warning signs to look out for – suspicious email addresses in the email header, bad grammar, or links to dodgy URLs that display when you hover your mouse pointer over them.
Fortunately ‘Fake bank’ or ‘Nigerian Oil Minister’ type scams have become quite notorious over the last decade, so even the least tech-savvy user will soon catch on to the idea that if an email seems odd, it’s worth checking before clicking or typing-in any sensitive details.
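The ‘hover over the link’ check can also be automated for training material or mail triage. The following is an added example, not a Lineal or vendor tool: it extracts every link from an HTML email body, flags hosts that imitate a trusted domain (such as the ‘Appl.e.com’ trick described later on this page) and flags link text that shows one domain while pointing at another. The `TRUSTED` list, the function names and the sample email are constructed assumptions, and the similarity threshold is a heuristic.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains your users genuinely expect to see in these emails.
TRUSTED = ("apple.com", "gov.uk")
DOMAIN_RE = re.compile(r"[a-z0-9-]+(\.[a-z0-9-]+)+")


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(value):
    """Hostname of a URL or bare domain, or '' if it does not look like one."""
    value = value.strip()
    if "://" not in value:
        value = "//" + value
    try:
        host = (urlsplit(value).hostname or "").lower()
    except ValueError:
        return ""
    return host if DOMAIN_RE.fullmatch(host) else ""


def _squash(host):
    # Remove dots and hyphens so 'appl.e.com' and 'apple.com' compare equal.
    return re.sub(r"[^a-z0-9]", "", host)


def lookalike_of(host):
    """Return the trusted domain that `host` imitates, or None."""
    if not host or any(host == d or host.endswith("." + d) for d in TRUSTED):
        return None  # genuinely under a trusted domain (or unparseable)
    for d in TRUSTED:
        similar = SequenceMatcher(None, _squash(host), _squash(d)).ratio()
        if _squash(d) in _squash(host) or similar >= 0.85:
            return d
    return None


def check_links(html_body):
    """Return [(target_host, [reasons])] for every suspicious link."""
    collector = _LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        target, shown, reasons = host_of(href), host_of(text), []
        spoofed = lookalike_of(target)
        if spoofed:
            reasons.append(f"lookalike of {spoofed}")
        if shown and target != shown and not target.endswith("." + shown):
            reasons.append(f"text shows {shown} but link goes to {target}")
        if reasons:
            findings.append((target, reasons))
    return findings


# Constructed sample body; example.net is a placeholder host.
SAMPLE_EMAIL = """
<p>Your Apple ID has been suspended.</p>
<a href="http://appl.e.com/reset">Reset your account</a>
<a href="http://files.example.net/casefile.php">https://www.gov.uk/dvla</a>
<a href="https://support.apple.com/">Apple Support</a>
"""
```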
Studies suggest many IT users increasingly feel that cyber-security breaches are inevitable, and that there’s ‘nothing they can do.’ This security ‘fatigue’ is partly the fault of cybersecurity providers, who have bombarded companies with this idea.
Avoid this mindset. Yes, 76% of companies reported being the victim of a phishing attack in 2017, but 24% did not. Those exemplary organisations will (at least partly) be making their own luck with good working practices, cybersecurity training for users, and strong IT security.
Defeatism also ignores that not all cybersecurity breaches are created equal – a breach could result in a negligible cost to recover a single PC, or cripple a major organisation worldwide, as NotPetya ransomware did to Maersk Shipping in 2017. Under GDPR, the scale of the fines issued by the Information Commissioner’s Office is directly related to the severity of the breach.
The lesson is clear: limiting your organisation’s exposure to attack also limits the potential ‘scale’ of the damage. Never surrender!
Do Your Part
It’s helpful to be able to show you’re also investing in your users’ safety at work – that you’re leading by example. Fortunately, there are many ways to reinforce end-user security when using email:
Setting your email out of office is something most people do only occasionally, and therefore can be unfamiliar to many. However, an auto-reply helps present a professional face for your business or organisation while you’re away enjoying the holiday season, and provides reassurance to those trying to contact you.
Here are our handy guides for setting up your auto-reply:
1. Open Outlook from your Office 365 Apps, and click the ‘Settings’ cog icon in the top right of your browser. Click ‘Automatic Replies’.
(If using Microsoft’s Outlook.live.com free personal service, you may need to click ‘View All Outlook Settings’ in your Settings tab for Automatic replies to be visible.)
2. Outlook will open your Autoreply settings. To turn on your Automatic replies, tick the top box labelled ‘Send Automatic Replies’, and enter the text for your auto reply in the text box.
Choose the date and time period you wish your Out Of Office to remain active for, and when ready, click ‘OK’.
Outlook 2019 (for Mac)
1. Open Outlook from your Applications, click ‘Tools’ from the Menu Bar and select ‘Out Of Office’.
2. Outlook will open your Autoreply settings. To turn on your Automatic replies, tick the top box labelled ‘Send Automatic Replies’, and enter the text for your auto reply in the top box.
Choose the date and time period you wish your Out Of Office to remain active for, and when ready, click ‘OK’.
Outlook 2019 (for PC)
1. Open Outlook and click to the ‘File’ Menu from the top toolbar.
2. From the ‘Info’ Tab click the ‘Automatic Replies/Out Of Office’ Button to open the Automatic Replies Window.
3. Click ‘Send Automatic Replies’ at the top – choose the date and time period you wish your Out Of Office to remain active for, enter the message you wish to use for your Autoreply in the ‘Outside My Organisation’ text field, and click ‘OK’.
1. Open Mac Mail
2. Right click on the left hand navigation panel and select ‘Get Account Info’.
OR – If you right click on a file stored in your own mailbox you will have a direct link to your Out of Office.
3. Click ‘Send Out of Office Replies’ – choose the date and time period you wish your Out of Office to remain active for, enter the message you wish to use for your Autoreply in the ‘Internal Reply and External reply’ text fields, and click the red close icon in the top left.
1. Open Gmail in your web browser, and click the cog icon in the top right.
2. Open ‘Settings’, click ‘See All Settings’ and scroll down to the section named ‘Vacation Responder’.
3. Switch Vacation Responder to ‘On’. Choose the date and time period you wish your Out Of Office to remain active for, enter the message you wish to use for your Autoreply in the text field, and click ‘Save Changes’.
1. Sign in to Kerio Webmail, and click your email name in the top right of the browser window. Choose ‘Out Of Office’ from the dropdown Menu.
2. Tick ‘Send Out Of Office Message’, choose the date and time period you wish your Out Of Office to remain active for, enter the message you wish to use for your Autoreply in the text field, and click ‘Save’.
1. Sign in to Yahoo! Mail and click the cog icon in the top right corner of your browser to access your settings. Click ‘More Settings’
2. Click ‘Out Of Office’ Response from the left hand menu. Toggle the ‘Turn On Out-Of-Office Response’ Switch to ON.
3. Enter the to and from dates you wish your out of office to remain on for, enter the auto-response in the text box, and click ‘Save’.
Windows 10 Mail App
1. Open Mail and click the settings cog in the bottom right of the menu.
2. Select ‘Automatic Replies’ from the settings menu.
3. Select your email account, toggle Automatic replies to ‘ON’ and enter text for your automatic reply for internal and/or external contacts.
For IT support advice and guidance, contact Lineal today.
iOS 11 users who updated their iPhones and iPads this week have been given a nasty shock, upon discovering Microsoft email services will no longer function correctly.
Apple are reported to be ‘working closely’ with Microsoft to resolve the issues – affecting compatibility with Microsoft Exchange 2016, Office 365 and Outlook.com – which display an error message informing users that their mail account “Cannot send mail. The message was rejected by the server.”
One week on from Apple’s flagship iPhone X launch, the problem leaves the tech giant with a public relations headache, as early adopters of the newest touchscreen operating system rush to complain online.
Rubbing salt in the wound, Microsoft also published an official support warning on Tuesday, rather mischievously entitled: “You can’t send or reply from Outlook.com, Office 365, or Exchange 2016 in iOS 11 Mail.app”. According to MacRumors, beta testers (including engineers at Lineal) were raising the Microsoft email service problem as early as July, although it appears to be unresolved by Apple’s developers.
Users urgently needing email are advised to download the Outlook for iOS app from the App Store as a lifesaving alternative, suffer a more Microsoft branded email experience, and await rescue from Apple bug fixers.
Continuing our recent series on email phishing trickery including fake invoices and Apple ID theft, this week we discovered a new scam involving a fake communication claiming to be from the Driver & Vehicle Licensing Agency (DVLA).
You haven’t sent them your vehicle details: but never fear, enter them below and avoid a hefty ‘1000 GBP’ fine. Never mind that your garage should have organised a V5 document for you, just click the link and type in your details. This couldn’t be a scam? Right?
We set Lineal’s security trainee Lewis on the fake DVLA emails case – who found that the email links to a private (non Gov.uk) web-page with an extensive bit of PHP code running in the background. A classic Trojan, this webpage invited you to download your casefile – and likely something dangerous along with it.
Despite poor grammar, the format matched a GOV.UK page quite closely and the ‘official’ nature of the styling might easily have tricked unsuspecting motorists.
Avoiding the page itself, Lewis completed an HTTPS lookup on the domain hosting the fake web page – but found two servers running the same scam. The email itself appeared to be routed via the USA, in an effort to mask the attacker(s) identity.
Tracing both IPs separately led back to the same address in Germany, registered under two different names which could either be part of an organisation or (more likely) both assumed identities stolen from others fallen victim to the scam.
German privacy law prevents Google StreetView from being completed across most of the country, so an aerial view of an unknown industrial building on the outskirts of Lippstadt was as close as we could get to sourcing the suspicious email itself.
Clearly a sophisticated operation, fake DVLA emails like this highlight the growing technical ability of online scammers and the need for solid IT security precautions.
For IT Security advice and support, contact Lineal today: 01271 375999
Last week our security trainee from Petroc, Lewis, received a fairly typical ‘Phishing’ email – designed to look like an official request for information in order to trick recipients into handing over personal details. Keyboard at the ready, he decided to go on an investigation – hunting down email scammers.
‘Your Apple ID has been suspended’ read the headline, but never fear, you can reset your account by typing in your private details via ‘Appl.e.com’. It may sound like an obvious scam, but the written quality of the email was high, and Verizon estimates that more than 25% of Phishing emails are not only opened, but clicked on by unsuspecting victims.
The email link itself looked suspicious so Lewis stripped the exact page link back to its original domain as our first clue. A quick HTTP lookup found the IP address of a Linux based Server with several open ports.
The scammers themselves were careful – expanding the email header shows an encrypted code in place of an email reference.
Online tools like GeoTool suggested the server sending the email had been French (although mapping this is an imprecise science – suggesting the Parisian machine was sat at the bottom of the river Seine). Nevertheless, this gave us a country of origin and also a more accurate address.
Here we hit a problem: the address listed related to a French cloud hosting provider’s company office building in Roubaix, near the city of Lille on the border between France and Belgium. The company itself appears entirely legitimate, so it’s likely a server there has been hijacked or otherwise used inappropriately by a customer of the provider.
A reverse DNS lookup via an online US Security tool suggested the hosted domain name’s registered contact person was based in an apartment building in district 56121, Thessaloniki, Greece, and even listed a gmail address and phone number for the named contact (redacted.)
Had we wanted to, there’s an opportunity here for mischief, but here we decided to end our search – with sufficiently detailed information to report to customer services of the French hosting provider whose server had been misused to distribute the email.
Although it’s likely the original source had been found, it’s possible the Greek client registering the domain name was themselves a victim of the Phishing email or a similar scam.
As a case study, Lewis’ virtual chase across Europe hunting down email scammers highlights how every business is at risk from a globalised world of threats – anyone can be struck by a dangerous email from anywhere, and even the most local businesses need to take precautions.
At Lineal we’ve found the most commented upon feature of Microsoft’s Office 365 email has been the reduction of spam – but why does running your email from the cloud make Outlook 2016 so much better at blocking these annoying spam emails?
On your old in-house email server, Outlook stops spam emails being delivered based on whatever policies and protection you’ve put there and maintained (or not…), whilst Office 365 is managed all year round as a remote service, with up-to-the-hour security updates in Microsoft data centres. Moving your business email to the cloud ensures your inboxes are not just company compliant, but physically and virtually safer.
Firstly, Office 365 checks your email for known suspicious attachments or malicious links. If neither are found, your email is screened through three independent Anti-virus engines, before being delivered safely to your inbox.
But what if something suspicious is found? Malicious links are re-written where possible, and suspicious attachments are removed to a sandboxed (isolated in software) ‘detonation chamber’, where they are opened safely to check for harmful code. Any attachments still deemed to be dangerous are removed from the email before being processed further.
Due to sheer volume of email processed through Office 365, Microsoft are also able to use information about all threats seen worldwide, and protect your inbox from even brand new ‘zero-day’ dangers seen elsewhere online.
Microsoft’s Office 365 Team have announced the availability of multiple UK data centres for customer data.
The move follows increasingly strict rules on data compliance in the financial, security, health and public sectors – with more cloud IT users looking to ensure their data remains safely located in the UK.
Prospective customers considering the implications of Office 365 are able to view the locations of Microsoft’s UK data centres with this online ‘Where Is My Data?’ map, which now displays both the additional data centres and the Microsoft cloud services they support, in both London and Durham, with a third site anticipated for Cardiff.
Office365 and Azure Users will also have the ability to ‘re-locate’ their data from regional data centres (in most cases based within mainland Europe) to the new UK service.
In addition to the security and legal advantages for protecting sensitive data, cloud users of Office 365 are likely to benefit from lower costs, online backups and collaborative, remote access to files.
For now, the ability to re-locate Office365 or Azure data to the UK is likely to be restricted, with priority expected to be given to high-profile UK public sector customers including NHS Trusts and the Ministry of Defence – the latter mirroring many customers’ belated move to the cloud, upgrading legacy on-site systems in use since 2005.
The new infrastructure has been widely praised, with Microsoft clearly investing heavily in addressing the doubts many have about moving their IT to the cloud; reducing Office365 downtime to just 4 hours per year, and now re-locating data within country of origin for compliance with a high standard of data protection.
Contact Lineal for advice on moving to the cloud, or for a free trial of Microsoft Office 365 Business Premium, click here.
You can attempt to send the email again by going to the outbox, selecting the message with the red [!] warning icon, and touching the send command to re-send the message. If your connection dropped whilst sending, this can be used to prompt a successful second attempt when the connection is restored.
If your outgoing email still remains stubbornly unsent, it may be best to delete the un-sent email and re-draft (some artful copy-pasting can alleviate this frustration considerably) by selecting the failed email in the outbox, choosing ‘edit’ and choosing ‘trash.’
Should your device remain uncooperative, putting it into ‘Airplane Mode’ should turn off wireless connection searching – which can help Mail stop searching for a way to send the email, and give you the chance to ‘trash’ the offending draft.
Lifecycle support for Microsoft’s Exchange Server 2007 email will end in April 2017, Microsoft has confirmed.
Existing email servers will continue to work past this date initially, but will receive no further patching without purchasing ‘custom support’ at an unknown extra cost. Each version of Exchange is predicted to last only around 10 years, with the 2016 edition lasting until 2025.
Exchange 2007 was included as part of Microsoft Small Business Server 2008 which went end of mainstream support last year. With the challenges of ensuring systems are secure, upgrading from SBS 2008 sooner rather than later will be the order of the day for many businesses.
Unfortunately, upgrading old copies of Exchange Server 2007 to Microsoft’s latest version of Exchange Server (2016) may be more challenging than many organisations will expect, as a direct migration is not available.
This forces users to use the 2010 or 2013 versions as a stepping stone, a restriction that will be familiar to any business that has tried to upgrade a legacy Windows XP system to Windows 10 and had to buy a redundant Windows 7 license just to make the transition.
Lineal can offer consultancy services for upgrade and migration planning in addition to being a certified Microsoft Partner. We specialise in Office 365 and hybrid deployments across the entire Microsoft product set.
Please get in touch to find out how easy and cost effective it can be to move your email to the cloud with Lineal.
The virus then begins encrypting files, demanding a ransom be paid to unlock the user’s data.
According to the BBC, the unconnected company cited in the email, cotton fabric manufacturer British Millerain Co Ltd, has received more than 150 phone calls from individuals concerned that they owe money.
Phishing emails and websites, which typically mimic official bank or company communications to trick vulnerable users into making payments to criminals, are becoming increasingly sophisticated.
The use of an individual’s personal address, and higher quality written English, suggests the original creator of the email has gone to greater lengths to make the email look convincing and to avoid detection.
It is also likely that the matching address originates from stolen, legitimate customer data, accounting for users’ recognition of the way they write their own home contact details.
New threats are constantly developing, and Lineal recommend installing an antivirus software with a strong record of catching emerging online threats – such as ESET.
Always follow some simple rules:
Never click a link or open an attachment from any suspicious email whose origins you do not recognise.
Banks and similar will NEVER request your private passwords, pin numbers or other confidential information. Do not disclose these to anyone.
If hit by cryptolocker style ransomware, every second counts – seek professional technical support immediately.
Always keep a regular, separate backup of your files.