Hackers Tackle Microsoft Exchange Vulnerabilities Again


Patching Microsoft Exchange servers is an absolute must.

Attackers are actively searching for vulnerable Microsoft Exchange servers and abusing the latest line of Microsoft Exchange vulnerabilities that the software giant patched earlier this year.

This is according to Huntress. Last spring, cybercriminals used several zero-day exploits to attack on-premises Microsoft Exchange servers. Those who haven’t patched since April or May are not safe and could still be exploited.

John Hammond of the Hunter

Currently, Huntress has visibility into 1,300 unpatched and vulnerable Microsoft Exchange servers. In addition, he sent 370 incident reports for compromised servers.

To learn more about these Microsoft Exchange vulnerabilities, we spoke with John Hammond, senior security researcher at Huntress.

Channel Futures: Does this sound like a continuation or resurgence of the massive cyber attack on Microsoft Exchange servers earlier this year? If not, how is it different?

John Hammond: Fortunately, the attacks on Microsoft Exchange servers that we are currently seeing in August are not of the same size and scale as the ones we saw in March of this year. This is a new chain of attack, dubbed ProxyShell, which differs from the ProxyLogon vulnerability we saw earlier with the HAFNIUM threat. That is, this is not a continuation or resurgence of the previous attack, but we are seeing an increase in the number of compromised servers.

As of August 24, according to Shodan, 20,674 Exchange servers in the United States still have not been patched. That’s potentially a lot of ProxyShell carnage. Fortunately, this is not a centralized, coordinated and widespread attack like the one launched by HAFNIUM. But all the pieces of the puzzle are available and it could very well turn into this.

Scroll through our slideshow above to learn more about Huntress and other cybersecurity news.

Source link

Leave A Reply

Your email address will not be published.