IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Exchange Server attacks increase 10 times in a week

US most attacked by hackers exploiting four zero-day vulnerabilities

Hackers have taken advantage of the slow patching and mitigation processes on Microsoft Exchange Servers, increasing their attacks 10 times between last Thursday and today.

That's according to Check Point Research, which claims the number of attempted attacks using these flaws has increased from 700 on March 11 to over 7,200 on March 15. The country most attacked has been the US (17% of all exploit attempts), followed by Germany (6%), the UK (5%), the Netherlands (5%), and Russia (4%).

The most targeted industry sectors have been government and military (23% of all exploit attempts), followed by manufacturing (15%), banking and financial services (14%), software vendors (7%), and healthcare (6%), said researchers.

The attacks have been ongoing since the recently disclosed vulnerabilities on Microsoft Exchange Server. Orange Tsai (Cheng-Da Tsai) from DEVCORE, a security firm based in Taiwan, reported two vulnerabilities in January. On further investigation, Microsoft uncovered five more critical vulnerabilities.

According to Check Point Research analysts, the vulnerabilities allow an attacker to read emails from an Exchange server without authentication or accessing an individual’s email account. Further vulnerability chaining enables attackers to completely take over the mail server. Once a hacker gains control of an Exchange server, they can open the network to the internet and access it remotely, posing a critical security risk for millions of organizations, they warned.

The researchers said the “good news” about the attacks is only “highly skilled and well-financed threat actors are capable of using the front door to potentially enter tens of thousands of organizations worldwide.”

“While hacking the exchange server with zero days is quite impressive, the purpose of the attack and what cybercriminals wanted within the network is still unknown,” they added.

"Compromised servers could enable an unauthorized attacker to extract your corporate emails and execute malicious code inside your organization with high privileges," commented Lotem Finkelstein, manager of threat intelligence at Check Point. 

"Organizations who are at risk should not only take preventive actions on their Exchange [server] but also scan their networks for live threats and assess all assets."

Researchers recommended that organizations immediately update all Microsoft Exchange Servers to the latest patched versions available by Microsoft. They warned update is not automatic, and users must do it manually. According to researchers, if an organization hasn’t updated a server, it should assume it’s completely compromised.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

Microsoft says it's provided over $100 million in tech support to Ukrainian government
cyber attacks

Microsoft says it's provided over $100 million in tech support to Ukrainian government

20 May 2022
Mastering endpoint security implementation
Security

Mastering endpoint security implementation

18 May 2022
Microsoft to double salary budget to retain workers
Careers & training

Microsoft to double salary budget to retain workers

17 May 2022
Microsoft warns of new botnet variant targeting Windows and Linux systems
Security

Microsoft warns of new botnet variant targeting Windows and Linux systems

16 May 2022

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security
Careers & training

(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security

17 May 2022