Cyberattackers are taking full advantage of slow patch or mitigation processes on Microsoft Exchange Server with attack rates doubling every few hours.
According to Check Point Research (CPR), threat actors are actively exploiting four zero-day vulnerabilities for which Microsoft issued emergency fixes on March 2, and attack attempts continue to rise.
In the past 24 hours, the team has observed “exploitation attempts on organizations doubling every two to three hours.”
The countries feeling the brunt of attack attempts are Turkey, the United States, and Italy, accounting for 19%, 18%, and 10% of all tracked exploit attempts, respectively.
Government, military, manufacturing, and then financial services are currently the most targeted industries.
Palo Alto Networks estimates that at least 125,000 Exchange servers remain unpatched worldwide.
The critical vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065) impact Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019.
Microsoft issued emergency, out-of-band patches to address the security flaws, which can be exploited for data theft and full server compromise, and has previously attributed active exploitation to the Chinese advanced persistent threat (APT) group Hafnium.
This week, ESET revealed at least 10 APT groups have been linked to current Microsoft Exchange Server exploit attempts.
On March 12, Microsoft said that a ransomware family known as DearCry is now exploiting the server vulnerabilities in attacks. The company says that after the "initial compromise of unpatched on-premises Exchange Servers," the ransomware is deployed on the vulnerable systems, a situation reminiscent of the 2017 WannaCry outbreak.
“Compromised servers could enable an unauthorized attacker to extract your corporate emails and execute malicious code inside your organization with high privileges,” commented Lotem Finkelsteen, Manager of Threat Intelligence at Check Point. “Organizations who are at risk should not only take preventive actions on their Exchange, but also scan their networks for live threats and assess all assets.”