As some of you may have heard, IKEA recently experienced an alleged supply chain phishing attack, BleepingComputer reports. This attack targeted internal mailboxes and there are suspicious emails being sent from compromised IKEA organizations and partners. Supply chain phishing attacks can be extremely harmful to an organization’s reputation and credibility because the suspicious emails come from inside the organization. There is evidence to support that this hack came from vulnerabilities in their Microsoft Exchange server. This specific attack was a wake-up call to many MSPs that they need to be taking their cyber security more seriously for themselves and for their clients.
So how can MSPs and MSSPs prevent attacks like these from occurring?
Patching is crucial to preventing these types of attacks and protecting your reputation and the reputation of your clients and partners. This should be a key area of focus for MSPs if they are currently running Microsoft Exchange servers. Keep yourself and your clients secure and confident by keeping up with your patching, being aware of any vulnerabilities, and knowing how to take care of them.
A managed detection and response security company, Huntress offered an Exchange Server security guidance to help Managed Service Providers understand the importance of patching in addition to externally validating the patch. This source tells you how to check your own patch status and further monitor the cyber wellness of your servers.
Microsoft, as well as the Cybersecurity and Infrastructure Security Agency (CISA), continue to warn Managed Service Providers and IT professionals about the Microsoft Exchange Server Vulnerabilities that must be patched to ensure security. Regularly applying patches and managing those patches is crucial to preventing vulnerabilities that make you susceptible to cyber-attacks.
As MSPS, your clients depend on you to ensure their data and reputation stay secure. As the threat landscape is ever-changing, it is vital for MSPs to stay informed of threats and keep up with regulations and the increasing expectations of their clients to keep everyone digitally secure.