Rackspace Hosted Exchange Down Due to Security Incident

Rackspace Hosted Exchange Down Due to Security Incident

Today, we are going to discuss what is going on over at Rackspace. Over the weekend, another cloud provider, and in this case, it happened to be companies, mostly small, medium-sized businesses that host their Exchange email not with Microsoft… many of you may be familiar with M365 or O365 and that is how you get your email. These services were the precursor to that where third-party companies would set up their own hosted Exchange service. Rackspace happened to be one of the companies who had done that over the years, and they have been doing it for many, many years. 

What Is Going On With Rackspace?

So, there’s a couple of things happening here that are important. Just going to go through what is happening, where we are at, and if you do happen to use Rackspace, maybe where you can get some help. Number one, the issue is that there is a security incident and Rackspace, rightfully so, is being very tight-lipped about what the security incident happens to be. A lot of security researchers out there believe that there may have been some type of incident or an attack around the fact that potentially Rackspace was not patching their Exchange servers. If you watch our YouTube channel or pay attention to cybersecurity at all you know in the last year, there have been many Exchange vulnerabilities that were patched or needed to be patched, causing a lot of havoc for a lot of companies for about 18 months (about 1 and a half years) now. 

Although, some security researchers used a tool called Shodan. Anybody can access this search engine to get information about things that are connected to the internet. So, they discovered that the servers were not patched. At least, from what the Shodan information was showing on their site was correct, these were running a version of Exchange where it had prior to when the patch was released. So, that is an immense potential concern, but quite frankly, it is not something that experts are surprised about. These are things that we see all the time, and security researchers bang their hand against their head going, "How can this happen? What is going on here?" But the reality of it is that is where we could be. 

The other thing that is being thrown around is potentially that there was no actual breach. Potentially cyber criminals got so far, and they were detected, and Rackspace, as a precaution, decided to shut their service down so they did not have a bigger problem on their hands. This is a scenario, but highly unlikely that there was not some breach in terms of a third party getting in or getting access to stuff, information, or data that they should not have. So that's kind of what happened. They decided, "Hey, we're going to shut down this service." 

What Should You Do? 

Moreover, a couple other things that are going on right now should be covered. One of those things is they are potentially recommending that you move to M365. You are saying, "Why would they do that?" Well, they sell the licenses for M365, and a lot of these hosted Exchange service vendors have moved to a model where they just resell the Microsoft products instead of running them themselves. So, that is exactly what happens over at Rackspace. You can buy Microsoft licenses directly from them and that is what they want you to do. They want you to migrate your data over to their platform, or host your licenses with them, or pay for your licenses through them, plus get your data out of an environment that is potentially not secure. It is a win-win for them if they can keep you as a customer on the license realm and get you off hosted Exchange. Many of these hosted Exchange providers are telling their customers that they need to move away from this product because Microsoft is telling them, "You need to move away from this product." 

The big deal that experts are hearing about is that small and medium-sized businesses who do not have technical people on staff are really struggling with this problem. Also, you are talking about tens of thousands of businesses that use Rackspace for their hosted Exchange. While some do have technical talent available to them to help them migrate their data to Office 365, a lot of them do not, and a lot of them are very frustrated today because they cannot get their email. The instructions for migrating provided by Rackspace are overly complex or they are more than what the average bearer can handle. So, a lot of these businesses are struggling to just go with the recommended steps that Rackspace is providing. It is adding to the frustration on top of the fact that Rackspace is being inundated with support calls and getting support for help is taking five, six, seven hours even for somebody to even pick up the phone and start talking to you. Cyber experts hear that many of these calls are ending up in places where they are being disconnected. Frustration is extremely high with Rackspace customers right now. 

What we want to keep in mind is it does not matter who the vendor is. Today, it is Rackspace. On our YouTube channel we discuss cyberattacks all the time, so we tend to see these types of third-party cloud providers being attacked more frequently. The ramifications of a lot of these, think about Kronos and ScheduleFly, two that come to mind where it really hurt businesses because their services or their software that is in the cloud is not available. Therefore, when Xact IT Solutions Inc. talk to these businesses, we discuss with them what the critical pieces of software or pieces of cloud applications that is needed to run their business. The email is going to be right up there at the top of the list for 99.9% of the businesses, right? 

Then think about all the other applications you use daily and what would happen if they were not available because they had an incident like we are seeing at Rackspace. So therefore, in your business continuity plan, you must plan for these types of things going down and have a plan for backing up your system. Now, the other thing that Rackspace is offering their customers is a way to have email redirected to another email address, like a Gmail account or something like that. You can contact their support if you can get ahold of them, and they can redirect your emails to another account temporarily while they work through these issues. 

How to Reach Out?

If you are one of those businesses mentioned that are struggling with the migration of the Rackspace email box to Microsoft, Xact IT Solutions highly recommends that you reach out to a professional, a company like ours or another IT company that you trust, to get that done for you. It is not as simple as they make it to be. So, it is important that you contact somebody soon because the sooner you contact somebody, the quicker you can get in the queue and the quicker you can start having the data move. Because, at the end of the day, no matter what path you choose, you still must contact Rackspace support, which is difficult to get ahold of at this time. 

So, that is really it with Rackspace. There is nothing from a cybersecurity or cybercriminal standpoint that is salacious and sexy about what is going on here. It is simple, "We noticed something was going on, or we detected something, or we know something was happening from a security standpoint, and our decision was we're going to just shut down the service." Unfortunately, it left a lot of businesses this Monday morning on December 5th and through the weekend out without email and really hampered their ability to conduct business. A lot of them cannot conduct business at all right now. 

So, think about it. If your email were down, how would that impact your business? Make sure that you learn from this. If you are not a Rackspace customer, Microsoft can go down one day. So, do not just believe and tell yourself a story where you think because you are with Microsoft, Google, or Gmail that you will never have a problem like this. You absolutely will, and you absolutely need to plan for a backup way to get to your email if one of these services goes down. There are plenty of solutions around this to make sure that you have a redundant backup to your cloud email service and things like that. If you have any questions, hit them in the comments or reach out to our company, Xact IT, the website is xitx.com.