Guernsey Press

Hacking risk persists for Exchange users

DOZENS of local firms could be susceptible to a global cyber hack.

Published
Last updated
Picture by ncsc.gov.uk (29342161)

Experts at Guernsey-based Black Arrow Cyber Consulting have raised the alert after Microsoft reported an attack on its Exchange email servers, initially by ‘state-sponsored’ actors out of China and then ‘multiple actors’ taking advantage of unpatched systems.

While Microsoft had released a software patch, the tech giant said applying it ‘will not evict an adversary who has already compromised a server’.

Black Arrow said cyber security teams in Guernsey needed to investigate and implement controls that will identify and address activity by someone who is already in the firm’s network.

‘From our research we have a list of 70 firms locally that have public-facing on-premises Microsoft Exchange servers which are susceptible to this attack. However, there are likely many more than that,’ said the company’s James Martel.

Firms regulated by the Guernsey Financial Services Commission would need to comply with the regulator’s cyber security rules, added Black Arrow.

The rules require boards to review their controls if there is a ‘trigger event’ which is defined as a ‘significant occurrence which would indicate that the licensee may be susceptible to a cyber security event’ including ‘a vulnerability announcement issued by a software or hardware provider’ and ‘international warnings of cyber security threats, vulnerabilities or incidents’.

Regulated firms were required to review and, importantly, to record their approach to cyber security.

A GFSC spokesman said: ‘Last month the commission published rules and guidance on the subject of cyber security. We expect firms to put in place robust policies and to notify us of any serious cyber security breaches.

‘The commission also recommends firms to regularly review the guidance issued by the National Cyber Security Centre.’

The centre has urged all organisations using affected versions of Microsoft Exchange Server to install the latest updates immediately.

If updates cannot be installed, recommended Microsoft mitigations should be implemented and, if that is not possible, the NSC recommends isolating the server from the internet.

  • More information is available here.