Mar 16, 2021
Since the revelation of four zero-day vulnerabilities currently affecting Microsoft Exchange Server, Check Point Research (CPR) has seen hundreds of exploit attempts against organisations worldwide.
In a single 24-hour period, the number of exploitation attempts on tracked organisations doubled every two to three hours, with Government/Military being the most targeted (17% of all exploit attempts), followed by Manufacturing (14%), and Banking (11%).
To date, hackers have yet to carry out the full chain of attack successfully, according to CPR researchers.
Since the recent disclosure of the vulnerabilities in Microsoft Exchange Server, a full race has started between hackers and security professionals. Experts around the world are making massive preventative efforts to combat hackers who are working day in and day out to produce an exploit that can successfully leverage the remote code execution vulnerabilities in Microsoft Exchange.
The most targeted industry sectors have been government and military (23% of all exploit attempts), followed by manufacturing (15%), banking and financial services (14%), software vendors (7%), and healthcare (6%), said researchers.
The attacks have been ongoing since the recent disclosure of the vulnerabilities in Microsoft Exchange Server. Orange Tsai (Cheng-Da Tsai) from DEVCORE, a security firm based in Taiwan, reported two vulnerabilities in January. On further investigation, Microsoft uncovered five more critical vulnerabilities.
According to Check Point Research analysts, the vulnerabilities allow an attacker to read emails from an Exchange server without authentication or accessing an individual’s email account. Further vulnerability chaining enables attackers to completely take over the mail server. Once a hacker gains control of an Exchange server, they can open the network to the internet and access it remotely, posing a critical security risk for millions of organization