Exchange Server attacks increase 10 times in a week

US most attacked by hackers exploiting four zero-day vulnerabilities

Hackers have taken advantage of the slow patching and mitigation processes on Microsoft Exchange Servers, increasing their attacks 10 times between last Thursday and today.

That's according to Check Point Research, which claims the number of attempted attacks using these flaws has increased from 700 on March 11 to over 7,200 on March 15. The country most attacked has been the US (17% of all exploit attempts), followed by Germany (6%), the UK (5%), the Netherlands (5%), and Russia (4%).

The most targeted industry sectors have been government and military (23% of all exploit attempts), followed by manufacturing (15%), banking and financial services (14%), software vendors (7%), and healthcare (6%), said researchers.

The attacks have been ongoing since the recently disclosed vulnerabilities on Microsoft Exchange Server. Orange Tsai (Cheng-Da Tsai) from DEVCORE, a security firm based in Taiwan, reported two vulnerabilities in January. On further investigation, Microsoft uncovered five more critical vulnerabilities.

According to Check Point Research analysts, the vulnerabilities allow an attacker to read emails from an Exchange server without authentication or accessing an individual’s email account. Further vulnerability chaining enables attackers to completely take over the mail server. Once a hacker gains control of an Exchange server, they can open the network to the internet and access it remotely, posing a critical security risk for millions of organizations, they warned.

The researchers said the “good news” about the attacks is only “highly skilled and well-financed threat actors are capable of using the front door to potentially enter tens of thousands of organizations worldwide.”

“While hacking the exchange server with zero days is quite impressive, the purpose of the attack and what cybercriminals wanted within the network is still unknown,” they added.

"Compromised servers could enable an unauthorized attacker to extract your corporate emails and execute malicious code inside your organization with high privileges," commented Lotem Finkelstein, manager of threat intelligence at Check Point. 

"Organizations who are at risk should not only take preventive actions on their Exchange [server] but also scan their networks for live threats and assess all assets."

Researchers recommended that organizations immediately update all Microsoft Exchange Servers to the latest patched versions available by Microsoft. They warned update is not automatic, and users must do it manually. According to researchers, if an organization hasn’t updated a server, it should assume it’s completely compromised.

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Recommended

What is Microsoft Edge? Everything you need to know
web browser

What is Microsoft Edge? Everything you need to know

22 Oct 2021
How to get help in Windows 10
operating systems

How to get help in Windows 10

22 Oct 2021
Microsoft touts new cyber security help for nonprofits
cyber security

Microsoft touts new cyber security help for nonprofits

22 Oct 2021
Ofcom report reveals alarming uptick in smishing attacks
scams

Ofcom report reveals alarming uptick in smishing attacks

22 Oct 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans
Laptops

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

11 Oct 2021
Windows 11 has problems with Oracle VirtualBox
Microsoft Windows

Windows 11 has problems with Oracle VirtualBox

5 Oct 2021