The Australian Cyber Security Centre says dozens of organizations have found their Microsoft Exchange Servers vulnerable to ProxyLogon-related hacks.
According to Head of the Australian Cyber Security Centre (ACSC) Abigail Bradshaw, “tens of organizations” have reached out to ACSC regarding vulnerable Microsoft Exchange servers.
“We have had feedback from tens of organizations who have spotted the indicators of compromise and whom we’ve assisted,” Bradshaw said, as ZDNet reports. “The fact that people are engaging us on the basis that they’ve identified indicators of compromise is evidence both of the fact that they’ve seen the advice because they’ve run the specific scripts, but also an understanding that they understand and are able to spot for themselves where there are vulnerabilities on their systems.”
Australian senators raised concerns on Wednesday that about 7,000 servers in Australia and 11,000 Australian IPs had been found vulnerable to the ProxyLogon-related threats.
Bradshaw also explained that, as part of ACSC’s cyber hygiene improvement program, which is funded under the Cyber Enhanced Situational Awareness and Response funding, the agency scanned the externally facing internet connections of various organizations. This allowed it to find a number of systems that still require patching, and gave it some familiarity with the numbers of servers that were identified.
Consequently, the ACSC has been monitoring those orgs flagged as vulnerable “extraordinarily closely.”
As a result, Bradshaw says, there are “many, many fewer servers, which remain vulnerable since that date.”
The ACSC has also worked directly with Microsoft Australia managing director Steven Worrall in analyzing the results of the scanning.
At the onset of the attacks, the ACSC was prompt to notify Australian orgs about the necessary patches and updates.
Director-General of the Australian Signals Directorate (ASD) Rachel Noble said her organization was first made aware of the Microsoft Exchange issue on March 3 after the ACSC sent an email to its 63,500 subscribers.
The ACSC also alerted 100 of its Commonwealth government CISOs and 50 more in state and territory governments.