The Fidelis Threat Research team is comprised of expert security researchers whose sole focus is generating accurate and actionable intelligence to better secure customers. Together, they represent over... Read More
Over the last week, there has been an influx of updated information regarding the critical ProxyLogon vulnerabilities which have impacted Microsoft Exchange Servers globally. Estimates of vulnerable and impacted servers number in the tens of thousands with new adversaries, tactics, and tools being observed targeting these systems.
In the aftermath of yet another wide-spread hack here are the top 5 concerns and assessments Fidelis TRT would like our customers and industry intelligence teams to know and consider as of 10 March 2021.
Continue reading for more information about this top 5 list and what you should know now.
While not every single environment or organization is confirmed to be impacted or targeted, Fidelis TRT assesses that that attempted exploitation or interrogation of your environments for these vulnerabilities should be considered as a Most Likely Course of Action (MLCOA) due to the length of time the threats have been present as well as recent public release of the exploit’s POC. It is important to consider that exploitation of the 0-day ProxyLogon vulnerabilities does not necessarily constitute a full compromise. There are several steps and processes that were involved beyond the initial compromise of vulnerable Microsoft Exchange Servers in order to achieve varying levels of access, persistence, discovery and execution or exfiltration. Previous major breaches have also proved that failures at multiple levels of defense and detection, not just the initial compromise or vulnerability exploitation, resulted in major impact of confidentiality, integrity, and/or availability. A defense in depth and risk-focused approach is an important consideration to ensure known and future threats are mitigated where possible.