EXECUTIVE SUMMARY:

On March 2nd, Microsoft released a series of emergency fixes for four different zero-day vulnerabilities. Despite the available patches, as many as 250,000 organizations may experience compromise.

In the last 24 hours, cyber security researchers observed that exploitation attempts have been “doubling every two to three hours”. The United States, Turkey and Italy remain especially vulnerable, and are witnessing the highest number of targeted intrusion attempts.

The attackers appear focused on the following sectors:

  • Government
  • Military
  • Manufacturing
  • Financial services

Earlier this week, authorities discovered that the work of 10 advanced persistent threat (APT) groups has contributed to the magnitude of the attacks. Their activity also explains why and how attacks on Exchange Servers are evolving.

Microsoft has announced that operators of the DearCry ransomware are incorporating the server vulnerabilities into their attack methodology. The attackers are deploying the ransomware onto unpatched on-premises Exchange servers. This situation has parallels with the 2017 WannaCry campaign.

“Organizations that are at risk should not only take preventative actions on their Exchange, but [should] also scan their networks for live threats and assess all assets,” says Lotem Finkelsteen, Manager of Threat Intelligence for Check Point Software.

For more on this story, visit ZDNet.