Managed services provider Rackspace experienced a security incident that caused an outage of its hosted Exchange environment. As of early morning (EST) Monday, December 5, Rackspace says they “have successfully restored email services to thousands of customers on Microsoft 365 and continue to make progress on restoring email service to every affected customer. At this time, moving to Microsoft 365 is the best solution for customers who can now also implement temporary forwarding.”
Last week I gave a lunchtime talk on Capitol Hill to Congressional aides who were involved in writing cybersecurity policy and one of the questions was “Wouldn’t all of this be solved if everything were run in the cloud, like Netflix and Amazon?” After all, a short “spinny circle of death” delay in video seems much better than what happened at the Colonial Gas Pipeline… Good to use examples like Rackspace’s woes to make sure backup plans are in place and tested and that management understands that security issues really don’t change that much whether the computers are in our buildings or in the cloud’s buildings.
Rackspace is providing support to either migrate to MS 365 or forward your email to another domain. Migrating to MS 365 is going to be the most familiar option, and Rackspace is providing archive copies of inboxes to customers for import into MS 365. Note that with either option there may be email "in flight" which may need to be resent as it is queued and waiting to be delivered. When migrating, make sure you implement needed security settings such as MFA and ATP, and leverage the Microsoft 365 Defender and Microsoft Purview compliance portals to make sure you aren't missing anything.
This may be one of the most interesting security incidents in a while. Rackspace’s business model is in reselling its hosted solutions. In this case, they have done what, in my opinion, is the right thing. They have started to request customers move over to the Microsoft 365 service. Rackspace has possibly a better chance of rolling out patches quickly in their environments, but let’s face it, Microsoft is more in control of the source code of Exchange than we are, and they may even start rolling out patches before anyone else.
Not a good day, week, or month to come for Rackspace. Hopefully, once systems have been restored and user operation back to normal, Rackspace will fully share details of the event – to include what security applications were in place and operating. We all can learn from this unfortunate cyber incident.
Read more in
Rackspace: Hosted Exchange Disruption
Bleeping Computer: Rackspace: Ongoing Exchange outage caused by security incident
Gov Infosecurity: Rackspace Hosted Exchange Still Offline Over Security Issue