Thousands of cyberattacks are still targeting zero-day security vulnerabilities in Microsoft Exchange Server every single day, faster and more furious, as malicious hackers go after organizations that have yet to apply the security patches released to mitigate them.
Microsoft continues to investigate the extent of Exchange Server on-premises attacks and continues to push out patches to fix 300+ CVEs – with more than 20 classified as critical. The May 2021 security updates for Exchange Server address vulnerabilities that affect on-premises Microsoft Exchange Server, including servers used by customers in Exchange Hybrid mode. Exchange Online customers are already protected and do not need to take any action. Below is a timeline to build your awareness and intelligence, help you harden your infrastructure, and help you begin to recover from these unprecedented attacks.
Timeline of Microsoft Exchange Attacks This Year
Timeline Source: CSO Magazine
If you have not already done so, it is IMPERATIVE that you update or mitigate your affected Exchange deployments immediately. These vulnerabilities are being actively exploited by multiple adversary groups. For the highest assurance, block access to vulnerable Exchange servers from untrusted networks until your Exchange servers are patched or mitigated.
Even if you have already applied the relevant security updates, there is no guarantee you were not compromised by malicious hackers before the patches were applied. Your top priority is becoming a much more formidable defender, since good posture and controls reduce available attack surfaces and help contain possible conflicts. This also means becoming better at detecting things which have gone awry in your environments and responding early in the attack lifecycle – while there is still a reasonable chance of minimizing damage.
Accomplishing this will take more imaginative processes, a cadre of well-trained professionals, and reliable tools, such as ENow’s Exchange Monitoring and Reporting – Mailscape. ENow’s Mailscape can help you improve your security posture by reporting whether your servers have been patched and what permissions have been granted to highly privileged mailboxes (Executives), and it can help reduce your attack surface by identifying mailboxes and other resources (distribution lists, public folders) that are not being used.
Given the broad and alarming implications of these fast and furious malicious attacks, may this be the moment your organization finally gives managing critical components of Exchange the priority it deserves – and treats the past four months as lessons learned.