Thousands of cyberattacks continue to target zero-day security vulnerabilities in Microsoft Exchange Servers as cybercriminals attempt to target organizations that have yet to apply the security patches released to mitigate them, reports ZDNet. Microsoft had released critical updates to secure Microsoft Exchange Servers against the vulnerabilities on March 2 and urged the organizations to apply them as a matter of urgency to prevent cyberattacks.
However, many weeks since the attacks began, many organizations are yet to apply the critical updates for Microsoft Exchange Server. Cyber attackers are taking advantage to gain access to servers while it remains possible.
Security researchers at F-Secure have identified tens of thousands of attacks targeting organizations worldwide that are still running vulnerable Microsoft Exchange Servers every day. According to the report, only about half of the Exchange servers visible on the internet have applied the Microsoft patches for these vulnerabilities.
“Tens of thousands of servers have been hacked around the world. They’re being hacked faster than we can count. Globally, this is a disaster in the making,” said Antti Laatikainen, senior security consultant at F-Secure.
To avoid falling victim to cyber attackers exploiting the Microsoft Exchange vulnerabilities, it’s recommended that organizations apply the critical updates as quickly as possible because the longer the patches aren’t applied, the more time cybercriminals will have to exploit the vulnerabilities as part of an attack potentially.
Microsoft has attributed the campaign to a state-sponsored advanced persistent threat (APT) hacking group working out of China, referred to as Hafnium, by Microsoft. However, once knowledge of the vulnerabilities became public following the patch’s release, other state-sponsored and cyber-criminal hacking groups have attempted to target Microsoft Exchange servers that have yet to have patches applied.
Read More: Microsoft’s troubles continue; Chinese hacks doubling every two hours