It only took cybercriminals 5 minutes to start scanning for Microsoft Exchange vulnerabilities
Cybercriminals jump on the chance to take advantage of vulnerable systems, and that was certainly the case with Microsoft Exchange.
What you need to know
- Cybercriminals started scanning the web for vulnerable Exchange servers within five minutes of vulnerabilities being disclosed.
- That response time is three times faster than what's often seen with disclosed vulnerabilities.
- The affordability of computing contributed to more people attempting to take advantage of the vulnerabilities.
Whenever vulnerabilities within popular pieces of software are made known, cybercriminals race to find ways to take advantage of them. Even more than normal, that was the case with the vulnerabilities in Microsoft's Exchange Server software. According to the 2021 Cortex Xpanse Attack Surface threat report from Palo Alto Networks, cybercriminals starting scanning the web for Exchange vulnerabilities within five minutes of them being made known (via ZDNet).
The report compiles data from enterprise companies that was gathered between January and March 2021. It explains that cybercriminals worked faster than usual to take advantage of the vulnerabilities in Microsoft Exchange.
Usually, when zero-day vulnerabilities are reported, cybercriminals will scan for them in as few as 15 minutes. In the case of Microsoft Exchange's vulnerabilities, it's said that cybercriminals were scanning within five minutes. This lines up with earlier reports that hackers raced to take advantage of unpatched Exchange servers.
When Microsoft disclosed four zero-day vulnerabilities in Exchange Server, it led to several attacks. Most notably, a group known as Hafnium exploited the vulnerabilities.
The report from Palo Alto explains that computing becoming more affordable has led to more attacks, "Computing has become so inexpensive that a would-be attacker need only spend about $10 to rent cloud computing power to do an imprecise scan of the entire internet for vulnerable systems." The report continues to say, "We know from the surge in successful attacks that adversaries are regularly winning races to patch new vulnerabilities."
Since a potential attacker only needs $10 to scan the entire web for vulnerable systems, it lowers the bar of entry for cybercriminals.
Get the Windows Central Newsletter
All the latest news, reviews, and guides for Windows and Xbox diehards.
Sean Endicott is a tech journalist at Windows Central, specializing in Windows, Microsoft software, AI, and PCs. He's covered major launches, from Windows 10 and 11 to the rise of AI tools like ChatGPT. Sean's journey began with the Lumia 740, leading to strong ties with app developers. Outside writing, he coaches American football, utilizing Microsoft services to manage his team. He studied broadcast journalism at Nottingham Trent University and is active on X @SeanEndicott_ and Threads @sean_endicott_.