Like all computer systems, Skype for Business is vulnerable to cyberattack. Let’s talk about how to prevent one from happening.

What a Skype for Business Cyberattack Can Look Like

Skype for Business Down
We lost Skype AND email?!

Unfortunately, real-life circumstances prompted this post. We recently had to help a customer deal with a ransomware infection that affected most of their servers. (I’ll keep details private of course.)

The customer called us in a panic. They’d lost email, Skype for Business, and several client desktops. Someone had clicked a phishing link & triggered a Locky infection. We did have some backups available, but wound up having to wipe/replace a couple systems.

While this wasn’t the first time we’d helped resolve a ransomware infection, it was the first time the ransomware hit someone’s Skype for Business Server. I’m not sure the exact route Locky took to reach it, but I believe it got in via an abandoned administrator’s account. They had a systems admin leave the company a few months prior—but they hadn’t shut off his account!

The aftereffects: Four days of lost business, a bunch of angry clients, unknown number of emails lost, thousands spent on emergency support and replacement IT hardware.

(At least they didn’t have to pay the ransom on top of all that!)

Where Malware Can Reach Skype for Business

Skype4B isn’t just vulnerable through its Internet connection. As our example shows, it’s vulnerable from client-level too.

Here are the routes most malware/ransomware would take to reach & infect yours:

  • Front End Server. Where Skype4B lives.
  • Exchange Server. The server with which Skype4B interacts most often…which means the most potential routes for malware to take.
  • File Share. A BIG vulnerability. A shared folder through which users exchange files? It only takes one infected file, and your entire deployment’s in trouble.
  • End User Devices. Not just desktops/laptops now…even phones can carry malware into the office.

Malware Reaching Skype for BusinessNow we know where to watch. What kinds of protections do we put in place?

8 Ways to Protect your Skype for Business Server from Malware/Ransomware

1. Limit the number of Skype for Business admins.
Good admin practice extends to Skype for Business. Create ONLY the fewest number of administrator accounts as you need to manage the system. This includes admin accounts for all of the physical AND virtual servers on which Skype for Business runs.

2. Lock down permissions to the file share.
Controlling the file share’s permissions plugs that hole inside your Skype for Business Server. This blog post illustrates how to lock down the permissions: Keeping your Lync/Skype Business Environment safe from Ransomware – Enabling Technologies

3. Use intelligent routing in your perimeter network.
Restrict open ports on your Edge Server and Reverse Proxy to only those needed for Skype for Business traffic. Here are the port and protocol requirements.

4. Keep the Skype4B Server and its server components up-to-date.
Are you up to the March 2018 Cumulative Update? If not, here’s the download link: Skype for Business Server 2015 Cumulative Update KB3061064 – Download Center
Don’t forget the security patches & updates for your Windows Server as well. If nothing else, the security patches help keep those servers safe.

5. Secure all email servers with anti-malware software & monitoring.
Your Exchange Servers should have anti-malware protection too. The easiest method, of course, is to use a network-wide security gateways from providers like Sophos or F5.

6. Disable Office macros company-wide.
Not many malware apps use macros anymore. But that doesn’t mean it’s impossible. Use a Group Policy to block macros and forget about it.

7. Educate users about phishing/ransomware emails.
If you only do one of these, make it this one. User education goes further to prevent malware infections than any other factor. Users are typically the “weakest link” in cybersecurity…but it only takes some training to make them stronger.

(By the way—we offer cybersecurity education for businesses in the SF Bay Area. Just saying.)

8. Keep current backups.
Always, always keep backups! All servers should have two sets of automatic backups running…one kept on-site in case of a crash, and one kept off-site in case of malware infection. You probably do this already. But it’s too important to take for granted.

—-

“What if we use Skype for Business Online?” you might ask. Well, Microsoft has pretty decent security protections built into Office 365. But you can always make it better.

As Teams and Skype for Business are still on the path to merging, I don’t want to speculate too much on the anti-malware precautions you must take. That said, these stalwarts should always figure into your office’s IT infrastructure:

  • Limit the number of Office 365 admins
  • Use perimeter network protections
  • If you run a hybrid configuration, secure the on-prem server to the same level as your other servers
  • Educate users about phishing/ransomware
  • Keep current backups

Frustrated System AdminIf you’re already Teams users, strengthen Teams’ security with our post from December: 3 Ways to Protect Teams Users from Malware-Infected Files.

Don’t Make Skype for Business the Weak Link in Your Office’s Cybersecurity

It’s always harder to secure a server (any server!) after it’s already running. People don’t want to lose the service, even for a moment. If security updates cause an outage…well, we’ve all heard that particular scream, haven’t we?

That said, 15 minutes of downtime beats 4 days of lost business any day.

There are many layers to protect in Skype for Business: The Windows Servers on which it runs, the perimeter network, the Front End pool, inter-network traffic, and client devices. But, think of it this way…either you find the security holes, or a malware infection will.

Have you ever experience a malware infection on your Skype for Business Server? Please share your experience in the comments.

How to Prevent Malware Infections via Skype for Business
Facebooktwittergoogle_plusredditlinkedinmail

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.