Threat actors have a lot of options, including launching ransomware and other attacks.
It may not be at the top of the headlines anymore, but the mass Microsoft Exchange exploitation isn’t over yet.
Huntress has been monitoring the situation since early February and has updated its resource page. In addition to the discoveries, the company reported the following findings:
- Malicious hackers appear to have compromised 20% of the Exchange servers Huntress reviewed (those running affected versions).
- Nearly 25% of the incident reports Huntress sent went to hosts that had been compromised more than once.
- About 12% of the Exchange servers they’re monitoring still need patching.
The cyberattack targeted Microsoft’s on-premises Exchange business email software. It allowed access to email accounts and installation of malware to increase hackers’ dwell time inside a system.
We caught up with John Hammond, senior security researcher at Huntress, to find out the latest on the Microsoft Exchange exploitation.
Channel Futures: Is the threat from the Microsoft Exchange exploitation still very much real? If so, how?
John Hammond: The Exchange incident has taken up all of the month of March. And sadly, even now as we are in the early weeks of April, it continues. The threat is still very much real. Servers that are not patched are still being actively exploited. As public exploits are now available, any ill-intended actor can spray-and-pray across the internet looking for public-facing and vulnerable Exchange servers.