The attack on Microsoft Exchange Server is still classified as business-critical by the Federal Office for Information Security (see German security warning) and is still causing great uncertainty among companies. Meanwhile, additional hacker groups are focusing on the vulnerability which means that attack methods continue to vary and the threat situation is becoming increasingly complex.
There are security updates to fix the vulnerability. However, how do companies get information about their threat situation?
Of course, system administrators should immediately install the security updates provided by Microsoft. It is important though to conduct further security checks. This is the only way to learn whether hackers have already been active. If your IT systems were already compromised before the updates were applied, attackers can also gain access in the future through built-in backdoors or further extend their attack. Therefore, you should immediately check the following:
- Are your systems affected by the vulnerability?
- Has the vulnerability already been exploited on your systems and have any traces been covered up?
- Are attackers currently active in your systems?
- Have backdoors or remote shells been installed on your servers?
Act quickly – We are here for you
We provide you with quick answers by performing a THOR forensic scan. This pragmatic process approach identifies the vulnerability, shows whether it has already been exploited and indicates if hackers have created backdoors. You quickly gain clarity and can act accordingly. An extensive IT forensic investigation only makes sense in cases of a well-founded suspicion.
Contact us, we are happy to help you.