How Are Phishing Attacks Affecting Users And Servers of Microsoft Exchange?

Almost a year ago, in February 2020, Microsoft had released a software update to deal with a memory corruption vulnerability. This security update denied attackers from gaining access to the victim’s account and compromising the system. By the next month, attackers were targeting unpatched systems with a high frequency. According to Rapid7’s internet-wide survey project Project Sonar, there were over 350,000 Exchange servers exposing a version of the software that had this vulnerability. Microsoft was planning to end the support of Exchange 2010 in January 2020 itself. But they extended it to Oct 2020, creating a need for a software update. Months later in Oct 2020, there were still 61% Exchange Servers that were at a risk of an attack.

What we are saying is that Phishing attacks have changed their form since the pandemic, and are even more complex as we have entered 2021. The attack method gains sensitive information such as PII, changing organizational information in an undetectable way, and blocking services from a legitimate user. A recent study reveals that 94% of the malware comes via email. Commonly, one can find three types of phishing – spear phishing, clone phishing, and whaling.

In Spear Phishing, the composition of malware built to target a specific group, so that it seems trustworthy and from a legitimate source. Usually, attackers use the company domain and the information of a person in authority in that company.

Clone Phishing takes the information from previously received emails to the victim, so that trust is established. In these emails, there are malicious attachments that trap the victim.

Lastly, in Whaling, attackers are mostly seeking high ransoms by attacking high-profile executives of a company. The most effective solutions against phishing attacks are encrypting your email id and securing the organization’s domain.

Check Point Software Technologies is an American-Israeli company providing both hardware and software solutions for cybersecurity and problems such as phishing. Hoplite Technology is also a well-known company, providing IT security on both small and large scale.

Unquestionably, Microsoft and Rapid7 suggest companies install the software update for Exchange 2013, Exchange 2016, and Exchange 2019, to avoid any such phishing risks. For time being, Microsoft has recently added a series of software updates compatible with older and Cumulative Updates (CU). “This is intended only as a temporary measure to help you protect vulnerable machines right now. You still need to update to the latest supported CU and then apply the applicable SUs. If you are already mid-update to a later CU, you should continue with that update,” Microsoft states.