Four zero-day vulnerabilities in Microsoft Exchange Servers have been linked to more than 30,000 cyber attacks in the week following their discovery. Before the flaws were revealed, Chinese nation-state threat actors had already exploited them to infiltrate numerous companies and access their data. Even after a patch was released, many other threat groups have found success using the vulnerabilities, including in ransomware attacks. This rapidly drove up the number of daily attacks between 11 and 17 March 2021, from 700 to 7,200. Compounding the problem is proof-of-concept (PoC) exploit code published on GitHub, which cybercriminals quickly shared on forums. The widespread use of the servers and the distribution of PoCs will likely lead to persistent targeting of unpatched Exchange Servers in the short-term future (one to three months).