Colonial Pipeline attack linked to Microsoft Exchange Server

"After months of Microsoft Exchange drama thanks to the Microsoft Exchange Server hacks at the hands of multiple groups, including state-sponsored Chinese hacker group Hafnium, it seems the MS product is back at the center of controversy. This time, it's being linked to the Colonial Pipeline ransomware attacks and subsequent halting of Eastern U.S. oil supplies.

As spotted by The New York Times' cybersecurity reporter Nicole Perlroth, a forensic finding made during an evaluation of Colonial Pipeline noted numerous blind spots that could have led to the security breach, with the "most likely culprit" being vulnerable Microsoft Exchange services."

Reducing your odds of being hacked by half is a simple, three-step process: 1) Back up all of your important documents; 2) Throw any Microsoft OS, email, or server software you own in the trash, and 3) Reformat your hard disk with any other OS, email, or server software.

Since the 1980s Microsoft operating systems have been "accidents" waiting to happen - or more accurately, carelessness waiting to be exploited. Now, when I'm contacted by companies seeking a custom production management or inventory control system, I ask them which operating system their company uses. If it's Microsoft Exchange Server, I thank them for their interest and politely decline.

If they ask why, I ask how much they would pay a ransomer to regain access to all of their valuable data, and whether it would be worth it to switch OSes now or later, after $millions in ransom have been paid. The conversation usually ends soon thereafter, but hopefully I've planted a seed. There's no amount of money I can be paid to work with Exchange Server, or any MS database product. Poorly designed and poorly maintained, they're "accidents" waiting to happen.