Cyberattacks abusing the recently discovered ProxyLogon vulnerabilities in Microsoft Exchange servers are increasing drastically with every passing day. Security researchers at F-Secure discovered tens of thousands of attacks targeting businesses around the world that are still exposed to the Microsoft Exchange Server vulnerabilities.
A wild tornado on the loose
In early January, Microsoft was first alerted that these vulnerabilities were being exploited by cybercriminals. Within a few days, multiple threat actors started exploiting them.
A top U.S. cybersecurity official stated that thousands of Exchange servers remain compromised even after fixes were applied. This is because the patches only close the door to new attacks; they won't evict a hacker from an already compromised system.
Moreover, there are still 10,000 vulnerable and unpatched systems in the U.S.
The Chinese cyber-espionage unit Hafnium has victimized at least 30,000 U.S. organizations, seizing hundreds of thousands of Exchange mail servers around the world.
Black Kingdom ransomware has been targeting Exchange Server victims located in Canada, Austria, Switzerland, Russia, France, Israel, the U.K., Italy, Germany, Greece, Australia, Croatia, and the U.S.
Given how quickly Exchange Server-based attacks are spreading, it is clear that attackers are actively trying to take advantage of this global security fiasco. To mitigate such threats, organizations should remain vigilant and proactively upgrade their security defenses. Training employees on cyber readiness also makes security a shared responsibility, which ultimately benefits the firms themselves.