Cyberattacks on organizations have increased tenfold since Microsoft alerted its clients about multiple zero-day vulnerabilities in on-premise Exchange email servers. The numbers grew from 700 on March 11 to 7,200 on March 15. Around 32 organizations in India have been attacked so far, with finance and banking the most targeted sectors, followed by government, military, manufacturing and insurance, cybersecurity firm Check Point Research said in its latest report.
The US was the most targeted country, accounting for 17% of all exploit attempts, followed by Germany (6%), the UK (5%), the Netherlands (5%) and Russia (4%).
Microsoft’s Exchange email server is an online collaboration platform for enterprises meant to send, receive and store emails and calendar invites. It is used by organisations in the private as well as government sectors across the world. Everything accessed within Outlook goes through the Exchange server.
Though Microsoft released emergency patches for multiple versions of Exchange on March 3 and on March 11 to plug the vulnerabilities, thousands of organisations across the world are yet to install and apply the update. In a blog post published March 12, Microsoft said that 82,000 Exchange servers are still unpatched globally.
Microsoft has also detected a family of ransomware released by attackers after initial compromise of unpatched on-premise Exchange servers.
According to security experts, if exploited, the vulnerabilities can allow attackers to take over the email server, open the network to the internet and access it remotely. Once the servers are exposed, attackers can extract the company’s corporate emails and launch malicious code to carry out ransomware attacks or steal more information. A recent report by Check Point shows that 83% of all attack vectors are email based.
Microsoft claims that China-based Hafnium is the only attack group that has exploited the vulnerabilities so far, but that can change if organisations continue to delay applying the patches. Hafnium is believed to be a state-sponsored threat actor and has targeted several organisations in the US in the past. Once Hafnium has access to Exchange servers, it uses remote access, run from US-based private servers, to steal critical data from an organization’s network.