Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Scans for Vulnerable Exchange Servers Started 5 Minutes After Disclosure of Flaws

Adversaries are typically quick to take advantage of newly disclosed vulnerabilities, and they started scanning for vulnerable Microsoft Exchange Servers within five minutes after Microsoft’s announcement, Palo Alto Networks reveals in a new report.

Adversaries are typically quick to take advantage of newly disclosed vulnerabilities, and they started scanning for vulnerable Microsoft Exchange Servers within five minutes after Microsoft’s announcement, Palo Alto Networks reveals in a new report.

Between January and March, threat actors started scanning for vulnerable systems roughly 15 minutes after new security holes were publicly disclosed, and they were three times faster when Microsoft disclosed four new bugs in Exchange Server on March 2.

For comparison, global enterprises need roughly 12 hours to identify vulnerable systems within their environments, provided that they are aware of all of their assets, Palo Alto Networks explains in their 2021 Cortex Xpanse Attack Surface Threat Report.

Adversaries are at work around the clock to identify vulnerable systems that could provide them with access to enterprise networks, the cybersecurity company says. The monitoring of 50 million IP addresses associated with 50 global enterprises (1% of the global IPv4 space) revealed that, on a typical day, such scans are performed each hour.

[ Don’t Miss: The Inside Story of the Microsoft Exchange Hack – Presented at SecurityWeek’s Threat Intelligence Summit on May 25 – Register ]

Ranging from insecure remote access, zero-day security issues, flaws in products such as Exchange Servers and F5 load balancers, and exposed database servers, new serious vulnerabilities are identified in global enterprise networks twice a day.

“Experiencing one issue every 12 hours highlights the ephemeral nature of today’s IT infrastructure, where not only infrastructure changes but so does the vulnerability footprint. Tracking an ever-changing landscape is an impossible task for humans and requires an automated approach,” Palo Alto Networks says.

The top security issue, the report reveals, is related to the remote desktop protocol (RDP), which accounted for approximately one third (32%) of the identified weaknesses. Expired certificates, database misconfigurations, high-profile zero-days, and insecure remote access through various protocols were also top issues during the first three months of the year.

Advertisement. Scroll to continue reading.

The report also shows that the majority of the most critical security flaws identified in global enterprises were associated with cloud infrastructure (79%, compared to 21% for on-premises). Although easy to deploy, cloud is more difficult to manage, and the COVID-19 pandemic has accelerated cloud adoption, the report points out.

Related: Threat Actors Quick to Target (Patched) SAP Vulnerabilities

Related: FBI Agents Secretly Deleted Web Shells From Hacked Exchange Servers

Related: Vulnerability Exposes F5 BIG-IP to Kerberos KDC Hijacking Attacks

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...