Microsoft Exchange Server — Attack 2021

TIMELINE OF EVENTS

The attack phases listed by Microsoft.

If we look closely, the steps and phases are nothing but a simple red team operation cycle: initial recon, exploit, persist, move laterally, exfiltrate data and leave the victim server.

PREVENTION

  1. Always keep yourself updated with patches. I can say here that the patches were released after the exploit, but now that they are available, go and please patch.
  2. Always keep your antivirus and endpoint security enabled.
  3. Follow the concept of ACL (Access Control List) to prevent a breach of confidentiality. That means only authorized personnel should be allowed to access the things they are authorized for.

MITIGATION

  1. Apply the patches if you are not compromised yet.
  2. If compromised, try rebuilding your Exchange server from backups.
  3. If you can't patch, isolate the compromised servers by cutting off their internet connection.
  4. Consider switching to Exchange Online or Office 365.
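One way to carry out step 3 (isolating a compromised on-premises Exchange server) with Windows Firewall, as an added example that is not part of the original post: it backs up the current profile defaults, allows outbound traffic only to internal ranges you name (domain controllers, backup and log collectors), drops everything else outbound, and turns on logging of dropped packets so the isolation itself produces evidence for the investigation. The subnet ranges and the rule-group name are placeholders; the cmdlets are the standard `NetSecurity` module ones shipped with Windows Server.

```powershell
# Added example (not from the original post): emergency network isolation of a
# compromised Exchange server using the built-in NetSecurity cmdlets.
# Assumptions: run elevated on the Exchange host; the ranges below are
# placeholders for your own internal/AD/backup/SIEM subnets.
param(
    [string[]]$AllowedInternalRanges = @("10.0.0.0/8", "192.168.0.0/16"),  # placeholder ranges
    [string]$RuleGroup = "IR-Exchange-Isolation"                            # placeholder group name
)

$backupPath = Join-Path $env:ProgramData "$RuleGroup-profile-backup.xml"

# 1. Record the current per-profile defaults so the change can be reversed
#    once the server has been rebuilt from a known-good backup.
Get-NetFirewallProfile |
    Select-Object Name, DefaultInboundAction, DefaultOutboundAction, LogBlocked, LogFileName |
    Export-Clixml -Path $backupPath

# 2. Allow outbound traffic only to the internal ranges the responders still need
#    (domain controllers, backup target, log collector). Grouping the rules makes
#    them easy to list and remove later.
New-NetFirewallRule -DisplayName "$RuleGroup allow internal" -Group $RuleGroup `
    -Direction Outbound -Action Allow -RemoteAddress $AllowedInternalRanges `
    -Profile Any -Enabled True | Out-Null

# 3. Drop everything else outbound on every profile. This is what cuts the
#    server's internet connection (web shells, C2 beacons and exfiltration all
#    need an outbound path) without powering it off and losing volatile evidence.
Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultOutboundAction Block

# 4. Log dropped packets: connection attempts to outside hosts after isolation are
#    themselves indicators worth feeding to the investigation.
Set-NetFirewallProfile -Profile Domain, Private, Public -LogBlocked True `
    -LogFileName "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log"

# 5. Show the resulting state so the responder can confirm the rules took effect.
Get-NetFirewallProfile | Format-Table Name, DefaultOutboundAction, LogBlocked -AutoSize
Get-NetFirewallRule -Group $RuleGroup | Format-Table DisplayName, Enabled, Direction, Action -AutoSize
Write-Host "Previous profile settings saved to $backupPath"
```

Host-based isolation only covers what leaves the server; the inbound side (OWA/ECP published through a perimeter firewall or reverse proxy) has to be closed at the perimeter at the same time, and the backup file written in step 1 is what you use to restore normal outbound behaviour after the rebuild in step 2.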

Dhanishtha Awasthi

OSCP | CEH | Cyber Security Enthusiast.