Microsoft recently announced there were some vulnerabilities in the Exchange software that were being exploited by cybercriminals. Soon after, the company released emergency patches for Exchange Server 2019, Server 2016, and Server 2013. In addition to this, Microsoft rolled out a handful of mitigation tools and updated Microsoft Defender Antivirus to combat such vulnerabilities. The Check Point Research report revealed 32 firms worldwide were targeted via these vulnerabilities.
Further, researchers revealed the banking and finance sectors were the worst hit, with 28 percent of the total hacks directed at them. Following these are the government and military sectors with 16 percent, manufacturing with 12.5 percent, and the insurance and legal sector with 9.5 percent.
Microsoft has acknowledged that patching a system does not necessarily cut off an attacker’s access to any particular account. In a statement, a Microsoft spokesperson said, “The Exchange security update is still the most comprehensive way to protect your servers from these attacks and others fixed in earlier releases. This interim mitigation is designed to help protect customers while they take the time to implement the latest Exchange Cumulative Update for their version of Exchange.”
According to the Microsoft 365 Defender Threat Intelligence Team, “Many of the compromised systems have not yet received a secondary action, such as human-operated ransomware attacks or data exfiltration, indicating attackers could be establishing and keeping their access for potential later actions.”