The recently discovered vulnerabilities in Microsoft Exchange Server have impacted thousands of organizations around the world.
Since the revelation of four Zero-Day vulnerabilities on the Exchange Server, Check Point research has disclosed new observations on exploitation attempts.
Microsoft Exchange attacks increase tenfold
The company discovered that from March 11 to March 15, the number of attempted attacks increased more than ten fold, from 700 to 7,200.
It also included two charts breaking down the most targeted organizations by country and industry:
On March 3, Microsoft announced an emergency patch for its Exchange Server.
Essentially, anything accessible in Microsoft Outlook goes through the Exchange Server, so this was quite alarming for the company that operates the most popular mail server worldwide.
In January, two vulnerabilities were reported by Orange Tsai from DEVCORE, a security firm in Taiwan. Microsoft followed up on this report and discovered five additional critical vulnerabilities.
Here is how Check Point describes what the vulnerabilities allow attackers to do:
"The vulnerabilities allow an attacker to read emails from an Exchange server without authentication or accessing an individual’s email account. Further vulnerability chaining enables attackers to completely take over the mail server itself.
Once an attacker takes over the Exchange server, they can open the network to the internet and access it remotely. As many Exchange servers have internet exposer (specifically Outlook Web Access feature) and are integrated within the broader network, this poses a critical security risk for millions of organizations."
U.S. government announces 'a first' in Exchange vulnerability response
A senior Biden administration official said the U.S. government response involves "a first" when it comes to remediating the Microsoft Exchange vulnerabilities:
"We've stood up a Unified Coordination Group, and we've done something totally different this time. Under the authority under which the Unified Coordination Group is stood up, it allows for private-sector participation.
For the first time, we've invited private-sector companies to participate in the Unified Coordination Group because we still believe that public-private partnership is foundational in cybersecurity, and we want to ensure we're taking every opportunity to include key private sector participants early and directly in our remediation efforts."
For more information regarding the U.S. federal response to the Microsoft Exchange Server vulnerabilities, read 10 Official U.S. Quotes on SolarWinds and Microsoft Exchange Attacks.