Four zero-day vulnerabilities in Microsoft Exchange Servers have been linked to more than 30,000 cyber attacks taking place in the week following their discovery. Prior to the flaws being revealed, Chinese nation-state threat actors had already exploited them to infiltrate numerous companies and access their data. Even since a patch was released, many other threat groups have found success using the vulnerabilities (including in ransomware attacks). This rapidly drove up the number of daily attacks between 11 and 17 of March 2021: from 700 to 7,200. Compounding the problem are proof of concept (PoC) exploit codes published on GitHub, which cybercriminals quickly shared on forums. The widespread use of the servers and distribution of PoCs will likely lead to persistent targeting of unpatched Exchange Servers in the short-term future (one to three months).

×
Want these
Threat Intelligence reports sent straight to your inbox?
Subscribe below!
Thank you!
Error - something went wrong!
Most Recent Flipbooks
Weekly Intelligence Summary 21 October
Main story: Ransom Cartel and REvil: Partners in cybercrime?
Weekly Intelligence Summary 14 Oct
Main story: Hacktivists fan flames of Iranian anti-regime protests
Weekly Intelligence Summary 07 Oct
Main story: ProxyNotShell spells déjà vu for MS Exchange Server defenders
Weekly Intelligence Summary 30 Sept
Main story: Rogue ex-developer leaks LockBit 3.0 builder
Weekly Intelligence Summary 23 Sept
Main story: Uber compromised by Lapsus$'s resurgence
Weekly Intelligence Summary 16 Sept
Main story: Cyber attacks shock the Italian energy sector
Weekly Intelligence Summary 09 Sept
Main story: Back to school for students and ransomware groups
Weekly Intelligence Summary 02 Sept
Main story: LastPass suffers source code data breach