NTT Ltd. today launched its 2021 Global Threat Intelligence Report (GTIR), which reveals how hackers are taking advantage of the global destabilization by targeting essential industries and common vulnerabilities from the shift to remote working. Healthcare, manufacturing, and finance industries all saw an increase in attacks (200%, 300%, and 53% respectively), with these top three sectors accounting for a combined total of 62% of all attacks in 2020, up 11% from 2019.
As organizations race to offer more virtual, remote access through the use of client portals, application-specific and web-application attacks spiked, accounting for 67% of all attacks, which has more than doubled in the past two years. Healthcare bore the brunt of these attacks from its shift to telehealth and remote care, with 97% of all hostile activity targeted at the industry being web-application or application-specific attacks.
Serious vulnerabilities in Microsoft Exchange have been exploited by at least 10 APT groups that have been collectively been hitting thousands of companies over the
minute read
Share this article:
At least 10 nation-state-backed groups are using the ProxyLogon exploit chain to compromise email servers, as compromises mount.
Recently patched Microsoft Exchange vulnerabilities are under fire from at least 10 different advanced persistent threat (APT) groups, all bent on compromising email servers around the world. Overall exploitation activity is snowballing, according to researchers.
Microsoft said in early March that it had spotted multiple zero-day exploits in the wild being used to attack on-premises versions of Microsoft Exchange Server. Four flaws can be chained together to create a pre-authentication remote code execution (RCE) exploit – meaning that attackers can take over servers without knowing any valid account credentials. This gives them access to email communications and the opportunity to install a webshell for further exploitation within the environment.
Microsoft Exchange attack timeline (Source: ESET)
Serious vulnerabilities in Microsoft Exchange have been exploited by at least 10 advanced persistent threat groups that have been collectively been hitting thousands of companies over the last three months, security researchers warn.
Full details of the attacks and groups involved - when known - have been released by researchers at Slovakia-based security firm ESET. They say at least several APT groups also began attacks that exploit the flaws, prior to Jan. 5, which is when Microsoft says it first learned about the vulnerabilities. This suggests that multiple threat actors gained access to the details of the vulnerabilities before the release of the patch, which means we can discard the possibility that they built an exploit by reverse-engineering Microsoft updates, ESET researchers say.