
Exchange Server attacks increase 10 times in a week

US most attacked by hackers exploiting four zero-day vulnerabilities

Hackers have taken advantage of the slow patching and mitigation processes on Microsoft Exchange Servers, increasing their attacks 10 times between last Thursday and today.

That's according to Check Point Research, which claims the number of attempted attacks using these flaws has increased from 700 on March 11 to over 7,200 on March 15. The country most attacked has been the US (17% of all exploit attempts), followed by Germany (6%), the UK (5%), the Netherlands (5%), and Russia (4%).

The most targeted industry sectors have been government and military (23% of all exploit attempts), followed by manufacturing (15%), banking and financial services (14%), software vendors (7%), and healthcare (6%), said researchers.

The attacks have been ongoing since the recent disclosure of vulnerabilities in Microsoft Exchange Server. Orange Tsai (Cheng-Da Tsai) from DEVCORE, a security firm based in Taiwan, reported two vulnerabilities in January. On further investigation, Microsoft uncovered five more critical vulnerabilities.

According to Check Point Research analysts, the vulnerabilities allow an attacker to read emails from an Exchange server without authentication or accessing an individual’s email account. Further vulnerability chaining enables attackers to completely take over the mail server. Once a hacker gains control of an Exchange server, they can open the network to the internet and access it remotely, posing a critical security risk for millions of organizations, they warned.

The researchers said the “good news” about the attacks is only “highly skilled and well-financed threat actors are capable of using the front door to potentially enter tens of thousands of organizations worldwide.”

“While hacking the Exchange server with zero days is quite impressive, the purpose of the attack and what cybercriminals wanted within the network is still unknown,” they added.

"Compromised servers could enable an unauthorized attacker to extract your corporate emails and execute malicious code inside your organization with high privileges," commented Lotem Finkelstein, manager of threat intelligence at Check Point. 

"Organizations who are at risk should not only take preventive actions on their Exchange [server] but also scan their networks for live threats and assess all assets."

Researchers recommended that organizations immediately update all Microsoft Exchange Servers to the latest patched versions available from Microsoft. They warned that the update is not automatic and that users must apply it manually. According to researchers, if an organization hasn’t updated a server, it should assume it’s completely compromised.
