Microsoft Exchange Server vulnerability makes US CISA extremely concerned

    Microsoft Exchange Server vulnerabilities are making not only companies but also the staff of government security agencies extremely worried, says a tweet published by US CISA.

    Brandon Wales, the Executive Director of Cybersecurity and Infrastructure Security Agency has issued a warning to all companies yesterday that they need to monitor their email servers being operated on a Microsoft operating system as many hackers, especially those spreading ransomware were seen targeting them on an exclusive note.

    After REvil and DearCry, the latest to add to the list are those spreading ‘Black Kingdom’ ransomware that is seen infecting Microsoft Exchange Server through proxy logon vulnerabilities.

    Security researchers from Malware Tech have confirmed the news and updated through a tweet that 4 American companies have become a victim to the said ransomware last week.

    For this reason, CISA is urging all companies to follow the basic security hygiene to keep ransomware attacks at bay from their computer networks.

    “If we follow all necessary procedures, then the ransomware operators will move on to the next target”, said Mr. Wales.

    Note 1- As per the latest security feed given by Palo Alto Networks, over 49,000 Microsoft Exchange email servers are said to be vulnerable to hackers and that includes 12,000 of them from United States and 4800 from Germany and 2600 from Italy. Around 2600 servers from France and 2500 from UK were found too vulnerable to the threat actors and the number of them operating without a patch from Asia is estimated to be over 76,000.

    Note 2- CISA seems to follow the path of FBI as it is seen urging the victims not to pay a ransom as it not only encourages crime but also does not guaranty a decryption key for the amount.

    Note 3- All Microsoft Defender customers need to act to the news as if their automatic updates feature is turned on, then the susceptibility will get automatically patched.

    Naveen Goud
    Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

    No posts to display