Microsoft is warning customers to take some immediate steps to protect their Exchange servers.
After noticing a massive spike in attacks during April, Microsoft is urging organizations with Exchange email servers to shore up their defenses.
In a recent report from the Microsoft Defender ATP Research Team, the company touched on the April increase:
"Multiple Exchange-specific behavior-based detections picked up unusual activity. The telemetry showed attackers operating on on-premises Exchange servers using deployed web shells."
According to the team, compromised Exchange email servers pose a specific risk because they let attackers carry out multiple tasks with the same tools that administrators use.
"This is exacerbated by the fact that Exchange servers have traditionally lacked antivirus solutions, network protection, the latest security updates, and proper security configuration, often intentionally, due to the misguided notion that these protections interfere with normal Exchange functions.
Attackers know this, and they leverage this knowledge to gain a stable foothold on a target organization."
There are two main ways that cybercriminals can achieve this "stable foothold":
Microsoft is cautioning users to take action ASAP.
Curious how to protect your network and organization against Exchange server compromise? Microsoft has these five recommendations: