In the last few days, the number of attacks on Exchange vulnerabilities has increased by a factor of ten. Germany, the UK and the Netherlands are some of the countries most affected by the attacks.
Cybersecurity company Check Point shared these figures. The company says that in the period from 11 to 15 March, the number of attacks on Exchange servers increased from 700 to 7200. The countries most affected are the US, Germany, the UK, the Netherlands and Russia.
The attackers seem to be mainly targeting government agencies and the military. Presumably, this category consists mainly of smaller governmental bodies, such as municipalities. Other sectors that are significantly affected are manufacturing, finance, software suppliers and the healthcare industry.
Details of vulnerabilities may have leaked from Microsoft
Microsoft finds it remarkable that the vulnerabilities appear to have been exploited only since the company started working on fixing them. After all, the vulnerabilities had been present in Exchange Server for many years without being discovered. Moreover, there seem to be many similarities between the proof-of-concept code that Microsoft shared with antivirus companies and the code used by a large part of the attackers.
Therefore, the company suspects that data has been leaked via the Microsoft Active Protections Program (Mapp). In this programme, Microsoft shares information with a group of 80 security companies. The security companies can use this information to stay ahead of attacks. Ten of these companies are Chinese. According to the Wall Street Journal, Microsoft has also sent information about Exchange vulnerabilities to some of these 80 companies. Microsoft declines to comment on whether Chinese companies are among them.
Microsoft emphasises that there are no indications that data has been shared from within Microsoft. Moreover, the Mapp partners have been working with Microsoft for a long time and should also be able to discover vulnerabilities. “If it turns out that a Mapp partner was the source of a leak, they would face consequences for breaking the terms of participation in the program,” a Microsoft spokesperson told the WSJ in an email.