The number of users who were attacked by exploits based on vulnerabilities in Microsoft Exchange servers and blocked by Kaspersky security solutions increased by 2021 percent in August 170 (from 7.342 to 19.839) compared to the previous month.
According to Kaspersky experts, this massive development can be attributed to the increasing number of attacks that attempt to exploit known vulnerabilities in the product, as well as the fact that users do not update vulnerable software with appropriate patches, which increases the potential attack surface.
Holey Microsoft Exchange Server
Vulnerabilities in Microsoft Exchange Server have caused a lot of unrest this year. In early March, the public learned of the exploitation of zero-day vulnerabilities in Microsoft Exchange Server, which were then exploited in a wave of attacks on companies worldwide. Microsoft later closed a number of so-called ProxyShell vulnerabilities - CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207. Combined, these vulnerabilities pose a critical threat and allow an actor to bypass authentication and execute code as a user with elevated privileges. Although the patches for these vulnerabilities were released some time ago, cyber criminals continue to actively exploit them. 74.274 Kaspersky users were confronted with exploits for MS Exchange vulnerabilities in the past six months.
According to CISA, vulnerabilities are being exploited
As the Cybersecurity and Infrastructure Security Agency (CISA) in the USA warned on August 21, the ProxyShell vulnerabilities are currently being actively exploited by cyber criminals in a new wave of attacks. In its advisory published on August 26th, Microsoft states that an Exchange server is vulnerable if it does not perform a cumulative update (CU) with at least the security update from May (SU).
According to Kaspersky Telemetry, more than 1.700 users were attacked using ProxyShell exploits every day during the last week of summer. As a result, the number of attacked users increased by 2021 percent in August 2021 compared to July 170. This shows what a big problem these vulnerabilities pose if they are not patched.
Kaspersky solutions protect against exploits that exploit ProxyShell vulnerabilities with the components Behavior Detection and Exploit Prevention and detect those with the following ratings: PDM: Exploit.Win32.Generic, HEUR: Ausnutzen.Win32.ProxyShell, HEUR: Exploit. * .CVE-2021-26855.
More at Kaspersky.com
About Kaspersky Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250.000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/