A security researcher has released a new proof-of-concept exploit that could be adapted to install web shells on Microsoft Exchange servers vulnerable to the ProxyLogon issues.
Since the disclosure of the flaws, security experts have observed a surge in attacks against Microsoft Exchange mail servers worldwide.
The Check Point Research team reported that, over a span of 24 hours, exploitation attempts were doubling every two hours.
"CPR has seen hundreds of exploit attempts against organizations worldwide," reads the post published by Check Point. "In the past 24 hours alone, CPR has observed that the number of exploitation attempts on organizations it tracks doubled every two to three hours."
Most exploit attempts targeted organizations in Turkey (19%), followed by the United States (18%) and Italy (10%). The most targeted sectors have been Government/Military (17% of all exploit attempts), followed by Manufacturing (14%), and then Banking (11%).
Security experts pointed out that the flaws are actively exploited to deliver web shells, and more recently ransomware such as the DearCry ransomware.
Last week, the independent security researcher Nguyen Jang published on GitHub a proof-of-concept tool to hack Microsoft Exchange servers. The tool chains two of the ProxyLogon vulnerabilities recently addressed by Microsoft.
The availability of the proof-of-concept code was first reported by The Record.