Hackers are exploiting recently uncovered vulnerabilities in Exchange email servers to deploy ransomware. Microsoft has released a warning stating that this hacking and espionage activity could place tens of thousands of email servers at risk of damaging attacks.
A recent report released by Check Point Research (CPR), a cybersecurity division, says that hacking groups continue to actively exploit four zero-day vulnerabilities. The post states, “In the past 24 hours, the team has observed exploitation attempts on organizations doubling every two to three hours.”
“Global experts are using massive preventative efforts to combat hackers who are working day-in and day-out to produce an exploit that can successfully leverage the remote code execution vulnerabilities in Microsoft Exchange,” the blog by Check Point added.
Moreover, John Hultquist, vice president of analysis at FireEye’s Mandiant threat intelligence unit, said he expects more ransomware groups to attempt to cash in.
“Though many of the still unpatched organizations may have been exploited by cyber espionage actors, criminal ransomware operations may pose a greater risk as they disrupt organizations and even extort victims by releasing stolen emails,” he further added.
In response to this disaster, Microsoft stated, “These vulnerabilities are used as part of an attack chain. The initial attack requires the ability to make an untrusted connection to Exchange server port 443. This can be protected against by restricting untrusted connections, or by setting up a VPN to separate the Exchange server from external access. Using this mitigation will only protect against the initial portion of the attack; other portions of the chain can be triggered if an attacker already has access or can convince an administrator to run a malicious file.”
In addition, Microsoft has issued software updates for the “zero-day” vulnerabilities and advised customers to install them to protect themselves.
Nevertheless, the hacking has intensified from straightforward espionage to crisis levels, with some reports estimating that tens of thousands of organizations could be affected.