F-Secure comments on Exchange email incident

March 2021 by Calvin Gan, Senior Manager at F-Secure’s Tactical Defense Unit

In light of further developments in the Exchange email incident, F-Secure spokespeople comment as follows:

Calvin Gan, Senior Manager at F-Secure’s Tactical Defense Unit

“We have observed widespread exploitation of the vulnerabilities by multiple threat actors. Latest reporting suggests that the vulnerability is being exploited by Ransomware threat actors, so it is even more of an imperative that organisations patch immediately. It is highly likely any un-patched Exchange servers that are exposed to the internet are compromised already”.

Calvin Gan, Senior Manager at F-Secure’s Tactical Defense Unit:

“The stakes are now higher because Microsoft has also discovered a new human operated ransomware named DearCry (because of its encrypted file marker). See https://twitter.com/MsftSecIntel/status/1370236539427459076. The increase in attacks through the ProxyLogon vulnerabilities could also likely be because of a Proof-of-Concept file being published on GitHub yesterday, which was quickly taken down by Microsoft. (https://therecord.media/poc-released-for-microsoft-exchange-proxylogon-vulnerabilities/) Attackers have been known to exploit this 0-day for a while before the patch has been released, and with the PoC now available publicly (albeit with some code bug), there’s bound to be some attackers who will adopt this to their toolset to launch an attack.

The advice now for organizations running Exchange is to immediately patch the systems and not wait till the end of their own investigation to identify if their servers were impacted by the vulnerability. With Microsoft releasing updates even for unsupported versions, we can gauge the urgency of applying the patch as soon as possible. This is not a matter of if your servers were impacted, but a matter of when.

With the addition of ransomware into the growing threat list, organizations must now act immediately because you not only risk information being stolen from your mail server, but also having the possibility of getting them encrypted which incurs more cost later on”.

