March 29, 2021

Zero-Day vulnerabilities in Microsoft Exchange and their serious effects we do not know yet

MS Exchange gaps still threaten companies, public benefit organizations and many institutions. Although more than 90% of servers have been patched and vulnerabilities removed, the problem is that it is not known how many systems were already attacked before the vulnerability was removed.

Appropriate scripts and guides from Microsoft come to the rescue here, which describe the vulnerability and their removal, allow more or less probability to determine whether potential attackers accidentally exploited the vulnerability in our environments and what further steps should be taken – you can read it here HAFNIUM targeting Exchange Servers with 0-day exploits.

In one of the worst scenarios, after gaining access to the Exchange server, which was not difficult to exploit the vulnerability, attackers gain access to mailboxes, calendar, tasks, and contacts. Based on the obtained permissions, it starts further penetrating the company’s resources while hiding his presence. Therefore, there is a very high risk here related to the loss of confidentiality of information, leakage or destruction of data or blocking access to them and the entire infrastructure. It is also not difficult to imagine a different scenario in which – having access to the Exchange server – the attacker will impersonate a given company or person in the organization and spread his malicious activities, e.g. through phishing and harm our contractors and business partners.
It is significant that, apart from the confirmed many cases of exploiting the vulnerability in the server, we have not yet heard about any further actions of criminal groups.

However, more and more facts suggest that using this vulnerability allowed the REvil hackers group to launch a ransomware attack on Acer, which has been quite loud lately: REvil ransomware attack on Acer the most expensive in history.

This may suggest that in the future, criminals will want to sell the access for a targeted attack or to further surveillance and control a given organization for later monetization of hackers activities.
NaviRisk offer services for securing infrastructure elements and monitoring and managing vulnerabilities in the company’s ICT resources.

Back to news

Read more:

February 28, 2025

Fraud: Internal and Business Partner Scams

Fraud poses a significant risk not only to a company’s financial stability but also to the reputation of its owners. What exactly is corporate fraud, and how can it be detected? Understanding Business Fraud Fraud, by definition, refers to deliberate actions intended to deceive a company or business partner for financial gain. Common examples include […]

February 3, 2025

How To Mitigate Business Risks In 2025?

The business landscape is shifting quickly. Companies operate in a world of great volatility and complexity. This dynamic environment brings two critical areas of risk that organizations must manage: leadership and reputational risks. These critical elements are not abstract or academic issues; they matter regarding long-term corporate survival and success.   How to manage those […]

October 23, 2024

NaviRisk’s Comprehensive Due Diligence for Business Partners in Far East

Companies are increasingly operating across borders, thus the complexity and scope of potential risks have grown. NaviRisk gives them a comprehensive background screening of potential business partners. One of the most critical applications of international, multi-juridical investigations is in the vetting process of potential business partners. Ensuring a business associate’s credibility and ethical standing has […]

CONTACT

NaviRisk Sp. z o.o.

ul. Huculska 5/6
00-730 Warsaw

+48 605 19 11 19 info@wearenavirisk.com

CONTACT FORM

Do you have any questions? Write to us!

Send message