Mass Microsoft Exchange Exploitation Still Impacting Organizations

Threat actors have a lot of options, including launching ransomware and other attacks.

Edward Gately, Senior News Editor

April 8, 2021

6 Slides
Sophisticated hacker

Already have an account?

Shutterstock

It may not be at the top of the headlines anymore, but the mass Microsoft Exchange exploitation isn’t over yet.

Huntress has been monitoring the situation since early February and has updated its resource page. In addition to the discoveries, the company reported the following findings:

  • Malicious hackers appear to have compromised 20% of the Exchange servers Huntress reviewed (those running affected versions).

  • Nearly 25% of the incident reports Huntress sent were to hosts who had been compromised more than once.

  • About 12% of the Exchange servers they’re monitoring still need patching.

Hammond-John_Huntress.jpg

Huntress’ John Hammond

The cyberattack was on Microsoft‘s on-premises Exchange business email software. The attack allowed access to email accounts and installation of malware to increase hackers’ dwell time inside a system.

We caught up with John Hammond, senior security researcher at Huntress, to find out the latest on the Microsoft Exchange exploitation.

Channel Futures: Is the threat from the Microsoft Exchange exploitation still very much real? If so, how?

John Hammond: The Exchange incident has taken up all of the month of March. And sadly, even now as we are in the early weeks of April, it continues. The threat is still very much real. Servers that are not patched are still being actively exploited. As public exploits are now available, any ill-intended actor can spray-and-pray across the internet looking for public-facing and vulnerable Exchange servers.

Scroll through the slideshow above for more of Hammond’s comments, as well as more cybersecurity news making headlines this week.

Read more about:

MSPs

About the Author

Edward Gately

Senior News Editor, Channel Futures

As senior news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like