• Office of the Comptroller

Cybersecurity Alert for “on-premises” Microsoft Exchange Email Servers

The Executive Office of Technology Services and Security (EOTSS) has issued an alert about a targeted attack on “on-premises versions of Microsoft Exchange Servers”. Cloud-based servers appear not to be affected.


Government entities at all levels that are using on-premises Microsoft Exchange mail servers may have been affected, even if there are no immediate systemic symptoms. It is thought that the attackers have embedded malicious files that will be accessed at a later time.


If your department uses an on-premises Microsoft Exchange mail server please take appropriate steps including obtaining outside experts to evaluate your servers and perform the recommended remediation.Statewide Contract (PRF56DesignatedOSC) has pre-screened cyber and data security vendors available to provide assistance with cyber incident response plans, risk assessments, penetration testing, emergency incident management, forensics, and Payment Card Industry (PCI) compliance.


Cyber criminals are becoming increasingly sophisticated, so departments should be vigilant with patching, protecting, detecting threats, and training on cyber awareness.


In addition to your normal incident response protocols, please contact CTREmergencyNotification@mass.gov with any incidents or suspected incidents of fraud or cyber attacks or if you need assistance with internal controls.


VISIT THE CTR CYBER CENTER


37 views0 comments

Recent Posts

See All

OFFICE OF THE COMPTROLLER OF THE COMMONWEALTH

William McNamara, Comptroller of the Commonwealth

One Ashburton Place, 9th Floor, Boston MA 02108

comptroller.info@mass.gov

For your protection, please do not email personal information (e.g. Social Security Number, Bank Account Number, Passwords).

For assistance, please call us at

(617) 727-5000

  • Twitter
  • Facebook
  • LinkedIn
  • Instagram