Exploits on organisations worldwide grew tenfold after Microsoft’s revelation of four zero days

Exploits on organisations worldwide grew tenfold after Microsoft’s revelation of four zero days

16 Mar 2021

Share

Following the revelation of four zero-day vulnerabilities currently affecting Microsoft Exchange server, Check Point Research (CPR) disclosed its latest observations on exploitation attempts against organisations that it tracks worldwide.

  • CPR has seen thousands of exploit attempts against organisations worldwide.
  • CPR has observed that the number of attempted attacks has increased tenfold from 700 on March 11 to over 7200 on March 15.
  • The country most attacked has been the United States (17% of all exploit attempts), followed by Germany (6%), the United Kingdom (5%), the Netherlands (5%) and Russia (4%).
  • The most targeted industry sectors have been government/military (23% of all exploit attempts), followed by manufacturing (15%), banking and financial services (14%), software vendors (7%) and healthcare (6%).

Since the recently disclosed vulnerabilities on Microsoft Exchange servers, a full race has started amongst hackers and security professionals. Global experts are using massive preventative efforts to combat hackers who are working day in and day out to produce an exploit that can successfully leverage the remote code execution vulnerabilities in Microsoft Exchange.

CPR has outlined the disclosed vulnerabilities, the targeted organisations by country and industry, and then recommendations to prevent the attacks, which are yet to come.

 

Current attack attempts in numbers

 

The country most attacked has been the United States (16 % of all exploit attempts), followed by Germany (6%), the United Kingdom (5%), the Netherlands (5%) and Russia (4%).

The most targeted industry sector has been government/military (23% of all exploit attempts), followed by manufacturing (15%), banking and financial services (14%), software vendors (7%) and healthcare (6%).

Behind-the-scenes of the zero days

On 3 March 2021, Microsoft released an emergency patch for its Exchange server product, the most popular mail server worldwide. All incoming and outgoing emails, calendar invitations and virtually anything accessed within Outlook goes through the Exchange server.

Orange Tsai (Cheng-Da Tsai) from DEVCORE, a security firm based in Taiwan, reported two vulnerabilities in January. Unaware of the full magnitude of these findings, Microsoft was prompted to further investigate its Exchange server. The investigation uncovered five more critical vulnerabilities which allow an attacker to read emails from an Exchange server without authentication or accessing an individual’s email account. Further vulnerability chaining enables attackers to completely take over the mail server itself.

Once an attacker takes over the Exchange server, he/she can open the network to the internet and access it remotely. Since many Exchange servers have internet exposer (specifically Outlook Web Access feature) and are integrated within the broader network, this poses a critical security risk for millions of organisations.

 

Yaniv Balmas, head of Cyber Research

Lotem Finkelsteen, head of Threat Intelligence

Adi Ikan, head of Network Research and Protection

Sagi Tzadik, Security Researcher

Sign up to receive our newsletters and magazine free - click here.

Electric dreams: Will machines ever imagine?

Will AI ever dream or imagine? Our Editor explores the possibilities.

18 Feb 2025

Samsung's S25 takes testing and connectivity up a notch

The Korean tech giant has added a new quality control benchmark to the long-awaited Galaxy S25.

04 Feb 2025

AFSUG and SAP to host first-ever African hackathon at #SAPHILA2025

SAPHILA will be held from 1 to 3 June at the Sun City Convention Centre.

04 Feb 2025

SA mining: Batteries now included

Jonathan Skeen, MD Commercial at SOLA, discusses battery-powered mining

04 Feb 2025

Paying for 2025: Payment tech, trust and trends

Freddie Prinsloo, Chief Innovation Officer at Amplifin, offers insights on what trends to look out for in the payments sector.

04 Feb 2025

Intelligence at your fingertips: Get the right hardware to power your AI

Werner Joubert, Commercial SYS Director (South Africa & SADC) at ASUS, discusses AI's reshaping of business and the hardware driving it all.

28 Jan 2025

Exclusive Cover Feature Opportunity – EngineerIT February/March Edition

Are you our next cover story? Get in touch. 

28 Jan 2025

Take the AI in healthcare poll

How could AI transform African healthcare?

28 Jan 2025

AI in healthcare: Africa's hope?

Is AI the key to transformative healthcare in Africa?

28 Jan 2025

DeepSeek AI: A game-changer or a passing disruption?

Disruptions caused by Deepseek AI raise significant questions beyond market fluctuations.

28 Jan 2025

The Trends Transforming the BPO Industry in 2025

Peter Andrew, CEO, CCI South Africa, shares his insight on the trends that will shape BPO in 2025.

21 Jan 2025

Drones take over SA farms

The agricultural sector is embracing emerging drone technology as a solution to many modern farming challenges.

21 Jan 2025

MagazineClick to view

EngineerIT January 2025 Issue

View PDF

Poll

What is the most important way AI adoption could change the African healthcare landscape?

Podcasts / Panels

Bingeworthy Podcast: Top Tech Voices
14 Jan 2025
PODCAST: Don’t create problems to justify implementation of AI
23 Aug 2024
ARMCOIL WEBINAR OCTOBER 2023
01 Nov 2023
Efficiency and Reliability: Exploring Surface & Underground MV Substations with ArmCoil on 26 October 2023.
19 Oct 2023
The importance of Metrology in manufacturing PANEL DISCUSSION
26 Aug 2023
More