A former Microsoft security employee has warned that cybercriminals are exploiting vulnerabilities in Microsoft Exchange email servers en masse because organizations were not properly warned about which systems to patch.
Many organizations appear not to have patched, which has led to mass exploitation of the vulnerabilities, warned Kevin Beaumont in a post on his DoublePulsar blog.
Hundreds of U.S. government systems are exposed, he added, while the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) issued a warning on Saturday.
Among the attackers exploiting the flaws is a ransomware group known as LockFile, which has taken advantage of problems that Microsoft first fixed in March. LockFile has been linked to ransomware attacks in various industries worldwide, including financial services and tourism, mainly in the US and Asia, according to security company Symantec. According to DoublePulsar, it first appeared on the network of a US financial institution on July 20.
The attacks trace back to weaknesses revealed during a hacking contest this year, which were fully analyzed last week by Orange Tsai. Tsai found three vulnerabilities in Microsoft Exchange (the on-premises version, not Office 365) that, when combined, could be used to take remote control of an email server.
Beaumont has now released a tool to help identify unpatched systems. It has already been used by Austria's national computer emergency response team to scan for vulnerable servers.
CISA said it "strongly urges organizations to identify vulnerable systems in their networks and immediately apply the Microsoft Security Update from May 2021, which fixes all three ProxyShell vulnerabilities, to protect themselves from these attacks."