Cyberattacks abusing the recently discovered ProxyLogon vulnerabilities in Microsoft Exchange servers are increasing drastically with every passing day. Security researchers at F-Secure discovered tens of thousands of attacks targeting businesses around the world that are still vulnerable to the Microsoft Exchange Server flaws.
A wild tornado on the loose
In early January, Microsoft was first alerted that these vulnerabilities were being exploited by cybercriminals. Later, within a few days, multiple threat actors started exploiting them.
- A top U.S. cybersecurity official stated that thousands of Exchange servers remain compromised even after fixes have been applied. This is because the patches only close the door to new attacks; they won't evict a hacker from an already compromised system.
- Moreover, there are still 10,000 vulnerable and unpatched systems in the U.S.
- The Chinese cyber-espionage unit Hafnium has victimized at least 30,000 U.S. organizations, seizing hundreds of thousands of Exchange mail servers around the world.
- Black Kingdom ransomware has been targeting Exchange Server victims located in Canada, Austria, Switzerland, Russia, France, Israel, the U.K., Italy, Germany, Greece, Australia, Croatia, and the U.S.
A one-click solution
Microsoft has released a one-click mitigation tool to protect Exchange servers vulnerable to cyberattacks.
- The tool mitigates the threat posed by four actively exploited vulnerabilities. In addition, it includes a URL rewrite mitigation for CVE-2021-26855, which leads to remote code execution attacks.
- The tool easily works on existing Exchange servers and includes Microsoft Safety Scanner.
- Microsoft already released an Exchange security update earlier in March to patch the vulnerabilities.
Given the rapid propagation of Exchange server-based attacks, it is clear that attackers are actively trying to get involved in this global security fiasco. Therefore, to mitigate such threats, organizations should remain vigilant and proactively upgrade their security defenses. Training employees on cyber readiness also makes security a shared responsibility, which in the end only benefits the firms.