Security News > 2020 > June > How attackers target and exploit Microsoft Exchange servers
Microsoft Exchange servers are an ideal target for attackers looking to burrow into enterprise networks, says Microsoft, as "They provide a unique environment that could allow attackers to perform various tasks using the same built-in tools or scripts that admins use for maintenance."
According to Microsoft, April was the month when multiple campaigns began to target Exchange servers.
The attackers proceeded to install web shells to allow them to control the server remotely, and then started exploring its environment for info on domain users and groups, other Exchange servers in the network, and mailboxes, as well as scanning for vulnerable machines on the network.
"As these attacks show, Exchange servers are high-value targets. These attacks also tend to be advanced threats with highly evasive, fileless techniques," the team noted.
Microsoft naturally also touts its Microsoft Defender Advanced Threat Protection security platform as a means to add protection to Exchange servers, automatically block behaviors like credential theft and suspicious use of PsExec and WMI, prevent attackers from tampering with security services, and to prioritize alerts so that attacks are spotted before they can do much damage.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/cdiTDH4O7Ew/
Related news
- Microsoft: Outdated Exchange servers fail to auto-mitigate security bugs (source)
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
- Microsoft 365 apps crash on Windows Server after Office update (source)
- Microsoft fixes Office 365 apps crashing on Windows Server systems (source)
- Microsoft fixes Windows Server 2022 bug breaking device boot (source)
- Microsoft: Exchange 2016 and 2019 reach end of support in October (source)
- Microsoft issues out-of-band fix for Windows Server 2022 NUMA glitch (source)
- One of Salt Typhoon's favorite flaws still wide open on 91% of at-risk Exchange Servers (source)
- Unpatched PHP Voyager Flaws Leave Servers Open to One-Click RCE Exploits (source)
- DragonRank Exploits IIS Servers with BadIIS Malware for SEO Fraud and Gambling Redirects (source)