Exchange Server attacks increase 10 times in a week

US most attacked by hackers exploiting four zero-day vulnerabilities

Hackers have taken advantage of the slow patching and mitigation processes on Microsoft Exchange Servers, increasing their attacks 10 times between last Thursday and today.

That's according to Check Point Research, which claims the number of attempted attacks using these flaws has increased from 700 on March 11 to over 7,200 on March 15. The country most attacked has been the US (17% of all exploit attempts), followed by Germany (6%), the UK (5%), the Netherlands (5%), and Russia (4%).

The most targeted industry sectors have been government and military (23% of all exploit attempts), followed by manufacturing (15%), banking and financial services (14%), software vendors (7%), and healthcare (6%), said researchers.

The attacks have been ongoing since the recently disclosed vulnerabilities on Microsoft Exchange Server. Orange Tsai (Cheng-Da Tsai) from DEVCORE, a security firm based in Taiwan, reported two vulnerabilities in January. On further investigation, Microsoft uncovered five more critical vulnerabilities.

According to Check Point Research analysts, the vulnerabilities allow an attacker to read emails from an Exchange server without authentication or accessing an individual’s email account. Further vulnerability chaining enables attackers to completely take over the mail server. Once a hacker gains control of an Exchange server, they can open the network to the internet and access it remotely, posing a critical security risk for millions of organizations, they warned.

The researchers said the “good news” about the attacks is only “highly skilled and well-financed threat actors are capable of using the front door to potentially enter tens of thousands of organizations worldwide.”

“While hacking the exchange server with zero days is quite impressive, the purpose of the attack and what cybercriminals wanted within the network is still unknown,” they added.

"Compromised servers could enable an unauthorized attacker to extract your corporate emails and execute malicious code inside your organization with high privileges," commented Lotem Finkelstein, manager of threat intelligence at Check Point. 

"Organizations who are at risk should not only take preventive actions on their Exchange [server] but also scan their networks for live threats and assess all assets."

Researchers recommended that organizations immediately update all Microsoft Exchange Servers to the latest patched versions available by Microsoft. They warned update is not automatic, and users must do it manually. According to researchers, if an organization hasn’t updated a server, it should assume it’s completely compromised.

Featured Resources

B2B under quarantine

Key B2C e-commerce features B2B need to adopt to survive

Download now

The top three IT pains of the new reality and how to solve them

Driving more resiliency with unified operations and service management

Download now

The five essentials from your endpoint security partner

Empower your MSP business to operate efficiently

Download now

How fashion retailers are redesigning their digital future

Fashion retail guide

Download now

Recommended

Study finds companies are mishandling cyber security recruitment
cyber security

Study finds companies are mishandling cyber security recruitment

28 Jul 2021
What is the Computer Misuse Act?
Policy & legislation

What is the Computer Misuse Act?

28 Jul 2021
Google launches new bug bounty platform
ethical hacking

Google launches new bug bounty platform

28 Jul 2021
Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021

Most Popular

The benefits of workload optimisation
Sponsored

The benefits of workload optimisation

16 Jul 2021
Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021
IT Pro Panel: Why IT leaders need soft skills
professional development

IT Pro Panel: Why IT leaders need soft skills

26 Jul 2021