How attackers target and exploit Microsoft Exchange servers (June 2020)
Microsoft Exchange servers are an ideal target for attackers looking to burrow into enterprise networks, says Microsoft: "They provide a unique environment that could allow attackers to perform various tasks using the same built-in tools or scripts that admins use for maintenance."
According to Microsoft, April was the month when multiple campaigns began to target Exchange servers.
The attackers proceeded to install web shells to allow them to control the server remotely, and then started exploring its environment for info on domain users and groups, other Exchange servers in the network, and mailboxes, as well as scanning for vulnerable machines on the network.
"As these attacks show, Exchange servers are high-value targets. These attacks also tend to be advanced threats with highly evasive, fileless techniques," the team noted.
Microsoft naturally also touts its Microsoft Defender Advanced Threat Protection security platform as a means to add protection to Exchange servers, automatically block behaviors like credential theft and suspicious use of PsExec and WMI, prevent attackers from tampering with security services, and prioritize alerts so that attacks are spotted before they can do much damage.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/cdiTDH4O7Ew/