Check Point: Microsoft Exchange Attacks Increase, WannaCry Rises Again

Check Point: Microsoft Exchange Attacks Increase, WannaCry Rises Again

The recently released online proof of concept (POCs) for ProxyLogon vulnerabilities in the Microsoft Exchange Server have sparked new activity among cybercriminals.

While ransomware attacks have generally increased in the past six months, Check Point researchers noted a particular surge in exploits of Microsoft Exchange Server flaws.

According to its telemetry data, Check Point reported last week there were over 50 thousand attack attempts, in most of which attackers target organizations in the government, military, finance, and manufacturing sectors.

The company reported a 57% spike in ransomware attacks in the past six months in the world. Half of the attacks occurred in the U.S. – 49%, UK – 5%, and Netherlands and Germany – together  4%.

Besides the more regular ransomware like Maze, Ryuk, and REvil, Check Point noticed a 53% increase in the number of organizations targeted by WannaCry ransomware.

“In fact, CPR found that there are 40 times more affected organizations in March 2021 when compared to October 2020. The new samples still use the EternalBlue exploit to propagate – for which patches have been available for over 4 years,” Check Point said.

WannaCry made the headlines four years ago, when it spread through NSA’s EternalBlue for Windows Server Message Block (SMB) and affected 200,000 computers, and caused hundreds of millions of USD in damages.

Its spread has been thwarted, however, security firms continue to detect WannaCry even today. In fact, in January, TrendMicro named it top ransomware threat:

The reason why WannaCry was being so successful is that it is wormable and there are thousands of systems still vulnerable to EternalBlue.

Check Point reported the trend that they started to observe in December 2020, in which the WannaCry attacks continue to rise and in March 2021 stand at over 12,000.

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.