Black Arrow Cyber Advisory 07/12/2022 – Rackspace Security Incident
Executive Summary
Rackspace, a cloud solutions provider, announced on the 02 December that their Hosted Exchange environment was experiencing connectivity issues, and later advised that they had shut the environment down. In an unprecedented move, they then advised clients to migrate to Microsoft 365 to send and receive emails until further notice. Rackspace later confirmed on the 06/12/2022 that the suspicious activity was a ransomware incident, and at current there is no timeline on the restore of the hosted exchange environment. At this stage Rackspace have not confirmed if customer data has been compromised, however the organisation believes that the incident is isolated to only affect their exchange online environment.
Indications are present that the Exchange Servers may not have been up to date on security patching, including updates that address two actively exploited zero-days discovered in October 2022.
What’s the risk to me or my business?
Until Rackspace release more details, it is difficult to ascertain if a malicious party has gained access to customer emails stored within the hosted exchange environment. Customers are advised to follow Rackspace’s procedures for migrating to M365 Exchange Online, in order for email services to be supplied during this outage.
What can I do?
If your email services are hosted with Rackspace, then the organisation should have already been in contact to assist with the transfer to M365 Exchange Online. Rackspace also recommend that an email forwarding redirect is enabled while the migration is taking place to allow for emails to be received by an external email address. While this will allow for email to be received, it is important to highlight the potential security risks of accessing and sending email outside of the corporate email environment, and extra precautionary measures should be taken.
Further information on this security incident be found here: https://status.apps.rackspace.com/index/viewincidents?group=2&_gl=1*1mrlqxb*_ga*MTk4MjM3MTEwNi4xNjcwNDA1Nzkw*_ga_P5J3XFCZLB*MTY3MDQxMDgwNC4yLjAuMTY3MDQxMDgwNC4wLjAuMA..&_ga=2.90554394.1824554204.1670405790-1982371106.1670405790
Need help understanding your gaps, or just want some advice? Get in touch with us.
#threatadvisory #threatintelligence #cybersecurity