How attackers target and exploit Microsoft Exchange servers
Security News, June 2020

Microsoft Exchange servers are an ideal target for attackers looking to burrow into enterprise networks, says Microsoft: "They provide a unique environment that could allow attackers to perform various tasks using the same built-in tools or scripts that admins use for maintenance."
According to Microsoft, April was the month when multiple campaigns began to target Exchange servers.
The attackers proceeded to install web shells to allow them to control the server remotely, and then started exploring its environment for info on domain users and groups, other Exchange servers in the network, and mailboxes, as well as scanning for vulnerable machines on the network.
"As these attacks show, Exchange servers are high-value targets. These attacks also tend to be advanced threats with highly evasive, fileless techniques," the team noted.
Microsoft naturally also touts its Microsoft Defender Advanced Threat Protection security platform as a means to add protection to Exchange servers, automatically block behaviors like credential theft and suspicious use of PsExec and WMI, prevent attackers from tampering with security services, and prioritize alerts so that attacks are spotted before they can do much damage.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/cdiTDH4O7Ew/