The key vulnerabilities in the Microsoft business email servers have left cyber security experts flummoxed as this free-for-all attack opportunity is now being exploited by vast numbers of criminal gangs, state-backed threat actors and opportunistic “script kiddies.”
Although many on-premises Microsoft Exchange servers have been patched, New investigation has found that multiple threats are still lurking on already-compromised systems.
According to Microsoft 365 Defender Threat Intelligence Team, many of the compromised systems have not yet received a secondary action, “such as human-operated ransomware attacks or data exfiltration, indicating attackers could be establishing and keeping their access for potential later actions”.
Microsoft said that it is important to note that with “some post-compromise techniques, attackers may gain highly privileged persistent access, but many of the impactful subsequent attacker activities can be mitigated by practicing the principle of least privilege and mitigating lateral movement”.
