What you need to know
- Microsoft Exchange Server cropped up in the news a lot throughout 2021.
- It has earned the top spot in Cisco Talos' quarterly report.
- Exchange woes comprised 35% of all incidents Cisco Talos investigated.

In case you haven't kept up with Microsoft Exchange Server and its troubles over the course of 2021, it's been associated with names such as SolarWinds, Hafnium, and even Colonial Pipeline. In short, Exchange vulnerabilities have been at the center of a lot of bad news this year — news that has scored the Microsoft tech a prime spot on Cisco Talos' quarterly threat report.
"While the security community made a great effort to warn users of the exploitation of several Microsoft Exchange Server zero-day vulnerabilities, it was still the biggest threat Cisco Talos Incident Response (CTIR) saw this past quarter," the report states. "These vulnerabilities, tracked as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065, comprised around 35 percent of all incidents investigated."
According to the report, Exchange vulnerability issues began spiking in March. They affected everything from the U.S. government to a Canadian health care organization, showing how widespread the vulnerabilities' consequences were. The report noted that attackers emphasized speed because they knew patches would come sooner rather than later, and that this haste resulted in less destructive attacks than might otherwise have been possible.
In addition to Exchange issues, the report cited ransomware as an increasingly prominent problem in the cyber threat sector, with new ransomware families on the rise that use the "ransomware-as-a-service (RaaS) model." These families sneak in via trojans, then get to work extorting people.
The full report is a highly technical read and can be viewed at the link above. The takeaway is that one should pay close attention when Microsoft systems are compromised, given their vast reach.