Kaspersky experts say the number of users hit by Microsoft Exchange attacks rose to 19,839.
JAKARTA — The number of users attacked by exploits targeting vulnerabilities in Microsoft Exchange Servers and blocked by Kaspersky products grew by 170 percent in August, from 7,342 to 19,839 users. According to Kaspersky experts, this surprising growth is due to the increasing number of attacks attempting to exploit previously disclosed vulnerabilities in the product and to the fact that users do not immediately patch their vulnerable software, thereby expanding the potential attack surface.
A vulnerability in Microsoft Exchange Server caused a lot of chaos this year. On March 2, 2021, the public learned about the ‘widespread’ exploitation of a zero-day vulnerability in Microsoft Exchange Server, which was later demonstrated by a wave of attacks against organizations around the world.
This year Microsoft also patched a series of vulnerabilities called ProxyShell: CVE-2021-34473, CVE-2021-34523 and CVE-2021-31207. Taken together, these vulnerabilities represent a critical threat and allow cybercriminals to bypass authentication and execute code as a privileged user.
Although the patch for this vulnerability was released some time ago, cybercriminals did not hesitate to exploit it: 74,274 Kaspersky users faced exploitation of this MS Exchange vulnerability in the last six months.
In addition, as the Cybersecurity and Infrastructure Security Agency (CISA) in the United States warned on August 21, the ProxyShell vulnerability is now being actively exploited by cybercriminals in the recent wave of attacks. Then on August 26, Microsoft explained that Exchange servers were vulnerable if they weren’t running a Cumulative Update (CU) with at least the May Security Update (SU).
According to Kaspersky telemetry, during the summer week, more than 1,700 users were attacked using the ProxyShell exploit every day, causing the number of users attacked in August 2021 to grow by 170 percent compared to July 2021. This shows the magnitude of the impact of the server vulnerability if it is left unpatched.
Kaspersky security researcher Evgeny Lopatin said the fact that this vulnerability is being actively exploited shows cybercriminals are constantly trying their luck to penetrate any network they can get their hands on.