Weeks after the disclosure around the ProxyLogon group of security bugs, exploitation attempts against unpatched Microsoft Exchange servers have skyrocketed.
Derek Manky, Chief of Security Insights & Global Threat Alliances at Fortinet’s FortiGuard Labs, said that last week researchers with FortiGuard Labs saw activity from cybercriminals targeting the vulnerabilities double over two days. The attackers are using the flaws to deploy cryptominers and ransomware (such as the recently discovered DearCry ransomware) and to run other malicious campaigns, he said.
When it comes to exploits, “with high-profile events like this, we’re seeing a lot of variability across more regions worldwide,” said Manky. But Manky also warns security teams against having “tunnel vision” for the Microsoft Exchange attacks: “There’s a lot more happening here beyond Microsoft Exchange attacks,” he said.
In this week’s Threatpost podcast, Manky talks about how security defenders can disrupt cybercriminals – from the attackers targeting Microsoft Exchange servers to those looking to target insecure IoT devices.