Scans for Vulnerable Exchange Servers Started 5 Minutes After Disclosure of Flaws

Adversaries are typically quick to take advantage of newly disclosed vulnerabilities, and they started scanning for vulnerable Microsoft Exchange Servers within five minutes after Microsoft's announcement, Palo Alto Networks reveals in a new report.

Between January and March, threat actors started scanning for vulnerable systems roughly 15 minutes after new security holes were publicly disclosed, and they were three times faster when Microsoft disclosed four new bugs in Exchange Server on March 2.

For comparison, global enterprises need roughly 12 hours to identify vulnerable systems within their environments, provided that they are aware of all of their assets, Palo Alto Networks explains in their 2021 Cortex Xpanse Attack Surface Threat Report.

Adversaries are at work around the clock to identify vulnerable systems that could provide them with access to enterprise networks, the cybersecurity company says. The monitoring of 50 million IP addresses associated with 50 global enterprises (1% of the global IPv4 space) revealed that, on a typical day, such scans are performed each hour.

New serious vulnerabilities are identified in global enterprise networks twice a day, ranging from insecure remote access and zero-day security issues to flaws in products such as Exchange Server and F5 load balancers, and exposed database servers.

“Experiencing one issue every 12 hours highlights the ephemeral nature of today’s IT infrastructure, where not only infrastructure changes but so does the vulnerability footprint. Tracking an ever-changing landscape is an impossible task for humans and requires an automated approach,” Palo Alto Networks says.

The top security issue, the report reveals, is related to the remote desktop protocol (RDP), which accounted for approximately one third (32%) of the identified weaknesses. Expired certificates, database misconfigurations, high-profile zero-days, and insecure remote access through various protocols were also top issues during the first three months of the year.

The report also shows that the majority of the most critical security flaws identified in global enterprises were associated with cloud infrastructure (79%, compared to 21% for on-premises). Although easy to deploy, cloud is more difficult to manage, and the COVID-19 pandemic has accelerated cloud adoption, the report points out.
