A security researcher has released a new proof-of-concept exploit that could be adapted to install web shells on Microsoft Exchange servers vulnerable ProxyLogon issues.
Since the disclosure of the flaw, security experts observed a surge in the attacks against Microsoft Exchange mailservers worldwide.
Check Point Research team reported that that in a time span of 24 hours the exploitation attempts are doubling every two hours.
“CPR has seen hundreds of exploit attempts against organizations worldwide” reads the post published by CheckPoint. “In the past 24 hours alone, CPR has observed that the number exploitation attempts on organizations it tracks doubled every two to three hours.”
Most of exploit attempts targeted organizations in Turkey (19%), followed by United States (18%) and Italy (10%). Most targeted sectors have been Government/Military (17% of all exploit attempts), followed by Manufacturing (14%), and then Banking (11%).
Security experts pointed out that the flaws are actively exploited to deliver web shells, and more recently ransomware such as the DearCry ransomware.
Last week, the independent security researcher Nguyen Jang published on GitHub a proof-of-concept tool to hack Microsoft Exchange servers. The tool chains two of the ProxyLogon vulnerabilities recently addressed by Microsoft.
The availability of the proof-of-concept code was first reported by The Record.
more on: ProxyLogon Microsoft Exchange exploit is completely out of the bag by now
Microsoft Exchange ProxyLogon attacks spike 10 times in four days
