Security News > 2021 > June > Microsoft Exchange Server vulnerabilities, ransomware lead spring 2021 cyberattack trends

Cisco's Talos team said 35% of incidents led back to Microsoft Exchange Server vulnerabilities reported early in 2021, but new ransomware families have been appearing to fill the Emotet hole, too.
Cisco's Talos Intelligence Group has released its incident response trends report for spring 2021, and found that Microsoft Exchange Server vulnerabilities reported in early 2021 were the most detected incident over the past three months.
Talos said the four Exchange Server vulnerabilities, which now have a patch, comprised 35% of all incident investigations.
In addition to widespread Exchange Server attacks, Talos said it also noticed a "Persistent and growing" ransomware threat despite the January takedown of the Emotet botnet, which was often used to launch ransomware-as-a-service attacks.
Ransomware families MountLocker, Zeppelin and Avaddon were all newly detected in spring 2021, Talos said, and all fit the ransomware-as-a-service model used by Emotet.
Talos said that most of its energy was committed to working on Microsoft Exchange Server vulnerabilities, but it also reports that the majority only resulted in scanning attempts and HTTP POST requests without any post-exploitation evidence.
News URL
Related news
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
- Microsoft fixes bug causing Windows Server 2025 boot errors (source)
- Microsoft's End of Support for Exchange 2016 and 2019: What IT Teams Must Do Now (source)
- Data Theft Drove 94% of Global Cyberattacks in 2024 & Ransomware Defenses are “Increasingly Complex” (source)
- Microsoft Teams tactics, malware connect Black Basta, Cactus ransomware (source)
- Qilin ransomware gang boasts of cyberattacks on cancer clinic, Ob-Gyn facility (source)
- US seizes domain of Garantex crypto exchange used by ransomware gangs (source)
- International cops seize ransomware crooks' favorite Russian crypto exchange (source)
- Like whitebox servers, rent-a-crew crime 'affiliates' have commoditized ransomware (source)
- Microsoft: North Korean hackers join Qilin ransomware gang (source)