Cisco Talos has released its quarterly threat report for Q2 2021, and it is no surprise which attack has dominated the cybersecurity scene over the last three months. Just like Q1, the Microsoft Exchange Server attacks are the main story.
That shows how important this attack is, as it has even overshadowed the SolarWinds vulnerability that was exploited by the Solarigate malware. In its report, Cisco Talos explains how big the Exchange Server issues have been:
“While the security community made a great effort to warn users of the exploitation of several Microsoft Exchange Server zero-day vulnerabilities, it was still the biggest threat Cisco Talos Incident Response (CTIR) saw this past quarter,” the report states. “These vulnerabilities, tracked as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065, comprised around 35 percent of all incidents investigated.”
Microsoft Exchange Server was successfully attacked through an exploit first used by the HAFNIUM group. More hackers have since leveraged the exploit for their own attacks. Microsoft sent out patches for all versions of the service, including those out of support. However, users still need to install these patches.
Update
Microsoft says updating Exchange Server is the best way to avoid the exploit. Furthermore, the company has launched a tool to help customers know if they have been breached. In April, Microsoft released a new update of security patches for Exchange Server.
However, as we recently reported, some attacks persist and are targeting organizations that have not patched their systems.
While it is likely we are nearing the end of the main threat window of the exploits, attacks will likely persist until all customers have installed patches.