The recently released online proof of concept (POCs) for ProxyLogon vulnerabilities in the Microsoft Exchange Server have sparked new activity among cybercriminals.
While ransomware attacks have generally increased in the past six months, Check Point researchers noted a particular surge in exploits of Microsoft Exchange Server flaws.
According to its telemetry data, Check Point reported last week there were over 50 thousand attack attempts, in most of which attackers target organizations in the government, military, finance, and manufacturing sectors.
The company reported a 57% spike in ransomware attacks in the past six months in the world. Half of the attacks occurred in the U.S. – 49%, UK – 5%, and Netherlands and Germany – together 4%.
Besides the more regular ransomware like Maze, Ryuk, and REvil, Check Point noticed a 53% increase in the number of organizations targeted by WannaCry ransomware.
“In fact, CPR found that there are 40 times more affected organizations in March 2021 when compared to October 2020. The new samples still use the EternalBlue exploit to propagate – for which patches have been available for over 4 years,” Check Point said.
WannaCry made the headlines four years ago, when it spread through NSA’s EternalBlue for Windows Server Message Block (SMB) and affected 200,000 computers, and caused hundreds of millions of USD in damages.
Its spread has been thwarted, however, security firms continue to detect WannaCry even today. In fact, in January, TrendMicro named it top ransomware threat:
The reason why WannaCry was being so successful is that it is wormable and there are thousands of systems still vulnerable to EternalBlue.
Check Point reported the trend that they started to observe in December 2020, in which the WannaCry attacks continue to rise and in March 2021 stand at over 12,000.