Hackers Again Setting Sights on Microsoft Exchange Vulnerabilities

Patching Microsoft Exchange servers is an absolute must.

Edward Gately, Senior News Editor

August 24, 2021

Attackers are actively scanning for vulnerable Microsoft Exchange servers and abusing the latest line of Microsoft Exchange vulnerabilities that the software giant patched earlier this year.

That’s according to Huntress. This past spring, cybercriminals used multiple zero-day exploits to attack on-premises Microsoft Exchange servers. Those who have not patched since April or May are not safe and could still be exploited.

Currently, Huntress has visibility over 1,300 Microsoft Exchange servers remaining unpatched and vulnerable. In addition, it has sent 370 incident reports for compromised servers.

To find out more about these Microsoft Exchange vulnerabilities, we spoke with John Hammond, Huntress’ senior security researcher.

Channel Futures: Does this appear to be a continuation or resurgence of the massive cyberattack on Microsoft Exchange servers earlier this year? If not, how is this different?

John Hammond: Fortunately, the attacks on Microsoft Exchange servers that we are seeing now in August are not at the same size and scale as what we saw in March of this year. This is a new attack chain, dubbed ProxyShell, which differs from the ProxyLogon vulnerability we saw previously with the HAFNIUM threat. That is to say, this is not a continuation or resurgence of the previous attack, but we are seeing an increase in the number of compromised servers.

As of Aug. 24, according to Shodan, 20,674 Exchange servers across the United States remain unpatched. That is potentially a lot of ProxyShell carnage. Thankfully this isn’t a centralized, coordinated and widespread attack like HAFNIUM unleashed. But all the puzzle pieces are available and it very well could turn into that.
