Contact us
Request demo →
Contact us
German website
search
close

Microsoft Exchange CVE: Ransomware attacks incoming

by Cybersprint News 10 Mar 2021

A new wave of ransomware attacks is incoming. The Microsoft Exchange CVEs have already been extensively leveraged by criminals, resulting in secret access paths into organisations. Now, these attacks are waiting to be weaponised. 


Discovering unwanted visitors

Dutch newspaper Het Financieel Dagblad consulted several cybersecurity experts on the recent vulnerabilities discovered in the Microsoft Exchange email servers. “The extent of the incident is massive,” says Eward Driehuis. “Thousands of organisations use the vulnerable software, and hackers have already successfully created their own back doors into many of these companies.” So far, security researchers have already found five such access ports. “This indicates that multiple criminal groups are actively working on this.”

The tricky part is that the hack appears to have originated from state-sponsored Chinese threat actors. State-sponsored actors’ motives are often espionage-related. That means they try hard not to leave traces, break anything, or disrupt organisational productivity. This makes it difficult to determine if you’ve been breached.

Now, though, criminal groups are actively abusing the vulnerabilities as well. They usually have a different goal: financial gain. They are much more likely to leverage their system access to install ransomware.

This too, can be hard to detect. Criminals have been known to even patch the vulnerabilities in organisation’s systems once they have gained access. Not only to avoid being detected, but also to avoid others from attempting the same thing.

What can organisations do? 

  1. Use the scanner script to detect vulnerable software

    Microsoft has released code that will help you scan for open ports and the vulnerability in your netblocks. In our earlier analyst report, we explained how IT Security professionals can use Microsoft’s script, and published our own shell code to automate this process. This will help identify the parts you need to patch.
  2. Map your attack surface to understand the weak spots

    Still, the very first step in this process to create a list of netblocks or IP addresses you want to scan. What external-facing infrastructure could be at risk? Not only will this provide the input for your initial scans, it is also critical to prepare for potential (ransomware) attacks. Knowing what the vulnerable systems are connected to provides insights into the sensitive data most at risk.

    It starts with a solid understanding of your attack surface. Applying an automated, outside-in perspective to your asset discovery shows you exactly what is also visible to threat actors. This information lets you proactively mitigate vulnerabilities, limiting the chances of a successful attack.

  3. Focus on your supply chain risk

    Just like the SolarWinds event, and the Citrix breach before that, this incident emphasizes the need for strong control over your supply chain. Criminals increasingly target third parties as a stepping stone into their intended target organisation. In this article, we explain what makes this process difficult to manage, but also what you can do to monitor your supply chain for potential risks leading to your organisation.

Cybersprint partner of THESEUS: making patching happen

Cybersprint is proud to announce our partnership with project THESEUS. Project THESEUS aims to empower organisations to patch faster by radically changing the risk governance of patching.

read more

Lancering handleiding digitale veiligheid zó hack je een stad

Den Haag, 11 november 2021 - Vandaag heeft wethouder Saskia Bruines bij het ECP Jaarfestival 2021 de handleiding ‘Zó hack je een stad’ gelanceerd en deze overhandigd aan Tineke Netelenbos, voorzitter van ECP en lid van de Cyber Security Raad, het onafhankelijke adviesorgaan van het kabinet.

read more

Cybersprint nominated for Deloitte's Technology Fast 50

We are excited to have been included the Deloitte Technology Fast 50  list. Cybersprint is one of the 50 technology companies in the Netherlands to be recognised for exceptional growth performance in the last four years.

read more

Do you have a question?

Our experts have the answers

Contact us