A former member of Microsoft's security staff has warned that cybercriminals are mass-exploiting vulnerabilities in Microsoft Exchange email servers because organizations were not properly warned about which systems to patch.
Many organizations do not appear to have patched, which has led to mass exploitation of the vulnerabilities, warned Kevin Beaumont, who published a post on the DoublePulsar blog.
Hundreds of U.S. government systems are exposed, he added, while the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) issued a warning on Saturday.
Among the attackers exploiting the flaws is a ransomware group known as LockFile, which has taken advantage of problems that were first fixed by Microsoft in March. LockFile has been linked to ransomware attacks in various industries, including financial services and tourism, worldwide, mainly in the US and Asia, according to security company Symantec. According to DoublePulsar, it first appeared on the network of a US financial institution on July 20.
The origins of the attacks can be traced to weaknesses revealed during a hacking contest this year, which were fully analyzed last week by Orange Tsai. Tsai found three vulnerabilities in Microsoft Exchange (the on-premises version, not Office 365) that, when combined, could be used to take remote control of an email server.
Beaumont has now released a tool that helps identify unpatched systems. It has already been used by Austria's national computer emergency response team to scan for vulnerable servers.
CISA said it "strongly urges organizations to identify vulnerable systems in their networks and immediately implement the Microsoft Security Update from May 2021, which fixes all three ProxyShell vulnerabilities, to protect themselves from these attacks".