
Microsoft Exchange CVE: Ransomware attacks incoming

by Cybersprint News 10 Mar 2021

A new wave of ransomware attacks is incoming. The Microsoft Exchange CVEs have already been extensively leveraged by criminals, resulting in secret access paths into organisations. Now, these attacks are waiting to be weaponised. 

Discovering unwanted visitors

Dutch newspaper Het Financieel Dagblad consulted several cybersecurity experts on the recent vulnerabilities discovered in the Microsoft Exchange email servers. “The extent of the incident is massive,” says Eward Driehuis. “Thousands of organisations use the vulnerable software, and hackers have already successfully created their own back doors into many of these companies.” So far, security researchers have already found five such access ports. “This indicates that multiple criminal groups are actively working on this.”

The tricky part is that the hack appears to have originated from state-sponsored Chinese threat actors. State-sponsored actors’ motives are often espionage-related. That means they try hard not to leave traces, break anything, or disrupt organisational productivity. This makes it difficult to determine if you’ve been breached.

Now, though, criminal groups are actively abusing the vulnerabilities as well. They usually have a different goal: financial gain. They are much more likely to leverage their system access to install ransomware.

This, too, can be hard to detect. Criminals have even been known to patch the vulnerabilities in an organisation's systems once they have gained access: not only to avoid being detected, but also to stop others from attempting the same thing.

What can organisations do? 

  1. Use the scanner script to detect vulnerable software

    Microsoft has released code that will help you scan for open ports and the vulnerability in your netblocks. In our earlier analyst report, we explained how IT security professionals can use Microsoft's script, and published our own shell script to automate this process. This will help identify the systems you need to patch.
  2. Map your attack surface to understand the weak spots

    Still, the very first step in this process is to create a list of netblocks or IP addresses you want to scan. What external-facing infrastructure could be at risk? Not only will this provide the input for your initial scans, it is also critical to prepare for potential (ransomware) attacks. Knowing what the vulnerable systems are connected to provides insight into the sensitive data most at risk.

    It starts with a solid understanding of your attack surface. Applying an automated, outside-in perspective to your asset discovery shows you exactly what is also visible to threat actors. This information lets you proactively mitigate vulnerabilities, limiting the chances of a successful attack.

  3. Focus on your supply chain risk

    Just like the SolarWinds event, and the Citrix breach before that, this incident emphasizes the need for strong control over your supply chain. Criminals increasingly target third parties as a stepping stone into their intended target organisation. In this article, we explain what makes this process difficult to manage, but also what you can do to monitor your supply chain for potential risks leading to your organisation.
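Steps 1 and 2 above come down to building a list of external netblocks and IP addresses and feeding it to a vulnerability scanner. The script below is an added example, not Cybersprint's or Microsoft's code: it takes such an inventory (constructed here, using RFC 5737 / RFC 3849 documentation ranges as stand-ins for an organisation's real netblocks), skips entries an outside-in scan could never reach, expands the remaining netblocks into a de-duplicated host list, and refuses malformed or oversized entries before they reach the scanner. The inventory format, the list of internal ranges and the size cap are assumptions.

```python
"""Turn a netblock/IP inventory into a de-duplicated scan target list.

Added example, not Cybersprint's or Microsoft's code. The inventory below is
constructed; it uses RFC 5737 / RFC 3849 documentation ranges as stand-ins
for an organisation's real external netblocks.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass, field
from typing import Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Constructed inventory: what an asset-discovery pass might hand to the scanner.
SAMPLE_INVENTORY = """\
# mail and web edge, datacentre A
192.0.2.0/29
192.0.2.4            # inside the /29 above: must not be scanned twice
198.51.100.10        # bare address, treated as a /32
10.0.0.0/8           # internal range, unreachable from outside
not-an-address       # typo in the inventory
2001:db8::/126       # IPv6 prefix for the same edge
"""

# Ranges an outside-in scan can never reach. Listed explicitly (assumption)
# rather than via ipaddress's is_global, which would also reject the
# documentation ranges used in this constructed sample.
INTERNAL_RANGES = [ipaddress.ip_network(r) for r in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]

MAX_HOSTS_PER_BLOCK = 4096  # catch an accidental /8 before it floods the scanner


@dataclass
class ScanPlan:
    targets: list[str] = field(default_factory=list)   # one host per line
    skipped: list[str] = field(default_factory=list)   # internal netblocks
    rejected: list[str] = field(default_factory=list)  # unparseable entries


def parse_inventory(text: str) -> tuple[list[Network], list[str]]:
    """Parse one netblock or address per line; '#' starts a comment."""
    networks, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            # strict=False accepts host bits set, e.g. 192.0.2.5/29
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            rejected.append(entry)
    return networks, rejected


def is_internal(net: Network) -> bool:
    """True if the netblock overlaps any range unreachable from outside."""
    return any(r.version == net.version and net.overlaps(r) for r in INTERNAL_RANGES)


def usable_hosts(net: Network) -> list:
    """Addresses worth probing, computed explicitly so the result does not
    depend on the Python version's hosts() behaviour for tiny prefixes."""
    addrs = list(net)
    if len(addrs) <= 2:        # /31, /32, /127, /128: every address is a host
        return addrs
    if net.version == 4:
        return addrs[1:-1]     # drop network and broadcast address
    return addrs[1:]           # IPv6: drop only the Subnet-Router anycast


def build_target_list(text: str) -> ScanPlan:
    """Expand an inventory into unique, externally reachable host addresses."""
    plan = ScanPlan()
    networks, plan.rejected = parse_inventory(text)
    seen = set()
    for net in networks:
        if is_internal(net):
            plan.skipped.append(str(net))
            continue
        if net.num_addresses > MAX_HOSTS_PER_BLOCK:
            raise ValueError(f"{net}: too large, split it or raise MAX_HOSTS_PER_BLOCK")
        seen.update(usable_hosts(net))
    # IPv4 and IPv6 addresses do not compare with each other: sort by (version, int)
    plan.targets = [str(a) for a in sorted(seen, key=lambda a: (a.version, int(a)))]
    return plan


if __name__ == "__main__":
    plan = build_target_list(SAMPLE_INVENTORY)
    print("\n".join(plan.targets))   # redirect to a file and hand it to the scanner
    print("skipped:", plan.skipped, "rejected:", plan.rejected)
```

Redirecting the first print to a file gives a one-host-per-line target list that scanners such as nmap accept as an input list. The `skipped` and `rejected` lists are worth reviewing by hand: a rejected line is usually a typo in the inventory, and an unexpected internal range in an "external" inventory is itself a finding about how well the attack surface is understood.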
