09.02.21

Significant Cyber Event | Exchange Exploitation and Labor Day Weekend

By Deepwatch

Key Points:

  • Deepwatch has been monitoring a recent uptick in on-prem Exchange server exploitation.
  • CISA and the FBI issued a joint advisory detailing best practices and mitigations for ransomware for the upcoming holidays and weekends.
  • Deepwatch is working with any potentially affected customers.

Summary

Deepwatch has been monitoring a recent uptick in on-prem Exchange server exploitation and web shell deployment. With the upcoming Labor Day weekend, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint alert in which they state that they “have observed an increase in highly impactful ransomware attacks occurring on holidays and weekends.” But neither organization has specific intelligence about cyber threats coinciding with upcoming holidays and weekends. Threat actors, though, may see this Labor Day weekend as an opportune time to target organizations.

This uptick in activity may be related to our advisory “Microsoft Exchange Servers are being Actively Scanned for ProxyShell,” which was published on August 13.

Your Exchange servers are vulnerable if any of the following are true:

  • The server is running an older, unsupported CU (without May 2021 SU);
  • The server is running security updates for older, unsupported versions of Exchange that were released in March 2021; or
  • The server is running an older, unsupported CU, with the March 2021 EOMT mitigations applied.

Below is Deepwatch’s Threat Intelligence Team’s estimate on future exploitation and some recommendations you can take to mitigate the risk to vulnerable Microsoft Exchange servers in your organization.

Deepwatch Threat Intelligence Outlook

With the recent Exchange Server exploitation being seen “in the wild” and with the upcoming Labor Day holiday, the Deepwatch Threat Intelligence Team has high confidence that organizations are at an increased risk. Deepwatch is currently proactively identifying and working with potentially affected customers.

Deepwatch recommends that organizations immediately review the current patch levels of Microsoft Exchange Servers in their environment to ensure these systems are up to date with security patches (KB5001779 + KB5003435). Additionally, check that the security protection software on these systems is also current and functioning properly to support the defense-in-depth strategy.
