Kaspersky Lab researchers report that in August 2021, the company’s products blocked 19,839 attacks on users of Microsoft Exchange servers. The surge in malicious activity in the company is associated, for example, with recently discovered ProxyShell vulnerabilities.
Compared to July, the number of attacks on Microsoft Exchange increased by 170%. According to experts, the growth is due to the fact that many exploits for Microsoft Exchange have appeared this year, and the owners of the devices on which it is installed do not update it immediately after the patches are released. For example, in the last six months alone, more than 74,000 clients of the company around the world have encountered exploits for Microsoft Exchange Server.
“In the last week of the summer, we recorded over 2,700 attacks in Russia using ProxyShell exploits. Vulnerabilities for which updates have already been released can be even more dangerous than zero-day vulnerabilities, because since information about them is available in the public space, many more attackers can take advantage of them. That is why it is so important to track patch releases and immediately update software, ”comments Evgeny Lopatin, Cybersecurity Specialist at Kaspersky Lab.
Let me remind you that ProxyShell problems became widely known in early August. The name ProxyShell combines three vulnerabilities that allow unauthenticated remote code execution on Microsoft Exchange servers. These problems exploit the Microsoft Exchange Client Access Service (CAS) running on port 443.