If you are not already familiar with the story, Rackspace is a cloud provider recently hit by a ransomware attack. It disrupted their customers’ ability to access their email accounts because the ransomware targeted the Hosted Exchange environment. After weeks of mitigation and moving customers over to Microsoft 365 to restore email communication, there remain questions about what happened, what will be the continuing ramifications of it, and what lessons should be learned from the incident.
Our Chief Technical Officer (CTO), Todd Ellis, addresses all of these concerns.
What We Know About the Rackspace Outage
On Friday, December 2, 2022 at 01:49 AM CST, Rackspace became aware of an incident in its hosted Microsoft Exchange environment. The services affected included MAPI/RPC, POP, IMAP, SMTP, ActiveSync, and Outlook Web Access (OWA). All of these are interfaces for accessing Hosted Exchange to manage email accounts online. According to Rackspace, the issue was localized strictly to a segment of their Hosted Exchange platform. Seven more updates were published before, at 7:19 PM on the same day, Rackspace conceded that it would be best to move customers to Microsoft Office 365.
For their impacted customers, Rackspace has provided complimentary Microsoft Exchange Online Plan 1 licenses until the incident is resolved, with comprehensive instructions on how to activate the free licenses and how to migrate mailboxes to Microsoft 365. Customers who have not already done so are encouraged to review this information as soon as possible.
However, in their attempts to get answers about the incident, some Rackspace customers report that they faced long wait times and limited customer support. On Saturday, December 10, 2022, Rackspace released another update stating that they continue to work hard to provide the best support possible for their customers during the migration process. In the update, Rackspace reported that as of Friday, December 9, more than two-thirds of their customers using the Hosted Exchange environment had been successfully reconnected to their email. Yet as of the publication of this article, some customers are still waiting on their Exchange mailbox data.
What Can We Learn from the Rackspace Outage?
The incident at Rackspace reminds all companies of the importance of having a comprehensive cybersecurity plan. While it remains unclear whether or not the ransomware attack could have been prevented, this incident illustrates how critical it is to have a plan in place that can quickly address and recover from an attack.
The Rackspace incident also serves as a reminder of the importance of having reliable backups. While it is unclear whether or not Rackspace had adequate backups in place at the time of the incident, it is a reminder that all organizations should ensure that they have appropriate backups of their critical systems to minimize any potential downtime or data loss. This incident also emphasizes the importance of organizations understanding their responsibility for data security.
Organizations must understand their data security obligations as part of their IT risk management strategy and ensure appropriate measures are taken to protect customer data. There is no guarantee existing data in the Rackspace environment can be recovered. Customers should therefore plan for a transition without their previous data and look into alternative methods to retrieve any significant information. Small businesses and businesses that lack the proper resources to invest in security often suffer more from these types of security threats.
For example, businesses that lose data due to an outage or other security incident typically face significant financial risk. Without a robust data security strategy to mitigate the risk of financial loss from data breaches and other incidents, organizations could end up paying large sums of money to their customers and other affected parties.
Also, organizations can suffer significant reputational damage without backups of emails, customer data, and other important information. Some organizations never recover from an incident, especially if customer data is compromised. Therefore, businesses of all sizes must understand the value of their data and ensure that it is stored securely.
The Increase in Ransomware Attacks Further Highlights the Need for Response Plans
For any professional tasked with guaranteeing the dependability of vital cloud infrastructure, this is an excellent time to assess the use of existing hosting and reinforce incident response (IR) and disaster recovery (DR) strategies to be prepared for any outages or incidents. This proactive step will help ensure businesses are equipped with the best protection against potential issues.
Businesses should also consider their overall risk profile and ensure that the necessary measures are in place to adequately protect their data and applications. Business leaders should ensure that the appropriate staff have been trained to handle any incidents quickly and efficiently if they do occur. By preparing proactively, businesses can be confident that they have a comprehensive plan to help protect their cloud infrastructure.
Your IR and DR plans should account for scenarios in which your cloud provider is unavailable. Significant incidents involving cloud providers are rare, but they can still occur. Preparing for outages, even minor ones like normal service interruptions or tenant-level compromises, is essential. All IR and DR plans should factor in these risks and include procedures to mitigate their impacts.
Additionally, a disaster recovery plan should have failover mechanisms to ensure continuity of service in the event of an outage. Comprehensive monitoring of cloud services is also important to ensure that any interruptions are quickly identified and addressed.
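As an added illustration of the monitoring and failover point above (this is example code written for this article, not a Rackspace or Secure Networkers tool), the following Python monitor polls the same hosted-email interfaces the incident affected (IMAP, POP, SMTP, OWA/ActiveSync), alerts once per service after a run of consecutive failed probes, and distinguishes a single-service blip from a platform-wide outage that should trigger the DR plan. The hostnames are hypothetical placeholders, and the probe function is injectable so the logic can be exercised offline.

```python
"""Availability monitor for hosted-email service interfaces (example code)."""
import socket
from dataclasses import dataclass, field

# Hypothetical endpoints; replace with your provider's real hostnames and ports.
EMAIL_SERVICES = {
    "IMAP": ("mail.example.com", 993),
    "POP": ("mail.example.com", 995),
    "SMTP": ("smtp.example.com", 587),
    "OWA/ActiveSync": ("owa.example.com", 443),
}


def tcp_probe(host, port, timeout=5.0):
    """Return True if a TCP connection to host:port succeeds within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


@dataclass
class ServiceMonitor:
    services: dict
    failure_threshold: int = 3          # consecutive failed polls before alerting
    failures: dict = field(default_factory=dict)

    def poll(self, probe=tcp_probe):
        """Probe every service once; return the names that just crossed the threshold."""
        alerts = []
        for name, (host, port) in self.services.items():
            if probe(host, port):
                self.failures[name] = 0     # a success resets the failure streak
            else:
                self.failures[name] = self.failures.get(name, 0) + 1
                if self.failures[name] == self.failure_threshold:
                    alerts.append(name)     # alert exactly once per outage
        return alerts

    def platform_outage(self):
        """True when every interface is down: treat as a provider-level outage
        and invoke the DR/failover plan rather than a per-service runbook."""
        return all(self.failures.get(n, 0) >= self.failure_threshold
                   for n in self.services)


if __name__ == "__main__":
    monitor = ServiceMonitor(EMAIL_SERVICES)
    print("alerts:", monitor.poll(), "platform outage:", monitor.platform_outage())
```

In production the poll would run on a schedule from a host outside the provider's network, so that a provider-wide outage is still observable.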
Questions to Answer While Creating Your Response Plans
Thinking and planning ahead can make all the difference when incidents occur. When creating your response plans, be sure to answer these questions:
- What steps should be taken in the event of a ransomware attack?
- What measures can be put into place to protect customer data?
- What backup measures should be taken to minimize downtime?
- Are all staff members adequately trained in incident response and disaster recovery protocols?
- What steps should be taken to ensure continuity of service if a cloud provider is unavailable?
- How will monitoring be used to identify and address outages?
- What communication strategies should be employed to update stakeholders on the status of an incident?
A clear and comprehensive response plan will help ensure that your organization is ready to face any potential challenges and minimize their impact. By planning ahead and staying up to date on the latest security measures, you can ensure that your data and operations remain secure. Answering the above questions will help you create a plan to protect your business and customers against potential threats.
Protecting Your Data From Security Threats
Organizations and individuals must proactively protect their data from various security threats. Common threats include ransomware, malware, phishing scams, viruses, and denial-of-service attacks. Businesses should ensure that all of their systems are updated with the latest security patches and software updates. They should also develop a culture of security to ensure that all staff members understand best practices for data protection.
Additionally, organizations should implement strong authentication measures, such as two-factor authentication, to help protect against malicious actors. Businesses should also ensure that their data is securely backed up and stored in an offsite location. This is important in case of a security incident, as it ensures that data can be recovered quickly rather than rebuilt from scratch. Once these steps to protect their data are in place, businesses can be confident that they have taken appropriate measures to secure their cloud infrastructure.
The Rackspace incident understandably caught its customers off guard. However, it also serves as a reminder of the importance of being prepared for any potential outages or security incidents. One outage can have devastating consequences for an organization, so it is important to ensure that your cloud infrastructure is secured and prepared for any eventuality.
Backing up your data can protect your business from security threats such as:
- Data deletion
- Legal liability
- Reputational damage
- Financial loss
The incident at Rackspace highlights the importance of proper planning and preparation for any security incident. A good response plan should include a comprehensive assessment of the organization’s security posture, risk management strategies for identifying and addressing threats, and a tested and proven incident response process. It should also include a robust capability to detect suspicious activity, investigate incidents, and report findings.
When you review your response plan, will you be confident that your business is ready to face any security incident? With the right tools, people, processes, and technology in place, your organization can be confident that it is prepared to respond quickly and effectively in the face of cybersecurity incidents. The key is planning, preparing early, and staying ahead of the ever-evolving threat landscape.
If you have a 2023 resolution to strengthen the fundamentals of your business, and if a more resilient, secure, and functional network is a part of that vision, then call Secure Networkers at 281-651-2254 or reach out to us by email with your questions. We will be glad to help.