What you need to know
- Cybercriminals started scanning the web for vulnerable Exchange servers within five minutes of vulnerabilities being disclosed.
- That response time is three times faster than what's often seen with disclosed vulnerabilities.
- The affordability of computing contributed to more people attempting to take advantage of the vulnerabilities.
Whenever vulnerabilities within popular pieces of software are made known, cybercriminals race to find ways to take advantage of them. Even more than normal, that was the case with the vulnerabilities in Microsoft's Exchange Server software. According to the 2021 Cortex Xpanse Attack Surface threat report from Palo Alto Networks, cybercriminals started scanning the web for Exchange vulnerabilities within five minutes of them being made known (via ZDNet).
The report compiles data from enterprise companies that was gathered between January and March 2021. It explains that cybercriminals worked faster than usual to take advantage of the vulnerabilities in Microsoft Exchange.
Usually, when zero-day vulnerabilities are reported, cybercriminals will scan for them in as few as 15 minutes. In the case of Microsoft Exchange's vulnerabilities, it's said that cybercriminals were scanning within five minutes. This lines up with earlier reports that hackers raced to take advantage of unpatched Exchange servers.
When Microsoft disclosed four zero-day vulnerabilities in Exchange Server, it led to several attacks. Most notably, a group known as Hafnium exploited the vulnerabilities.
The report from Palo Alto explains that more affordable computing has led to more attacks: "Computing has become so inexpensive that a would-be attacker need only spend about $10 to rent cloud computing power to do an imprecise scan of the entire internet for vulnerable systems." The report continues, "We know from the surge in successful attacks that adversaries are regularly winning races to patch new vulnerabilities."
Because a potential attacker needs only $10 to scan the entire web for vulnerable systems, the barrier to entry for cybercriminals is lower.
Sean Endicott is the news writer for Windows Central. If it runs Windows, is made by Microsoft, or has anything to do with either, he's on it. Sean's been with Windows Central since 2017 and is also our resident app expert. If you have a news tip or an app to review, hit him up at firstname.lastname@example.org.