[OPLIN 4cast] OPLIN 4Cast #744: Patch those servers immediately, but brace for more attacks

OPLIN OPLIN support at oplin.ohio.gov
Wed Mar 31 10:30:00 EDT 2021


Email not displaying correctly? View it in your browser.
<http://www.oplin.org/4cast/>
[image: OPLIN 4Cast]

OPLIN 4Cast #744: Patch those servers immediately, but brace for more
attacks
March 31st, 2021

[image: A cursor selecting the word Security] In early March, Microsoft
detected multiple 0-day exploits against Exchange Servers, urging customers
to update their on-premises systems immediately. They developed a one-click
mitigation tool
<https://msrc-blog.microsoft.com/2021/03/15/one-click-microsoft-exchange-on-premises-mitigation-tool-march-2021/>
to
protect Exchange servers against cyberattacks and to fix any existing
compromises it found. MIcrosoft warns, however, that "patching a system
does not necessarily remove the access of the attacker," and there could be
hard days ahead.

   -
   - Report: Microsoft’s One-Click Exchange Server Mitigation Tool
   Downloaded 25,000 Times
   <https://mytechdecisions.com/network-security/report-microsofts-one-click-exchange-server-mitigation-tool-downloaded-25000-times/>
   [*MyTechDecisions*] "Chinese nation-state hackers are believed to be
   behind the initial exploits starting in early January, and copycats have
   been trying to replicate the attack chain since the vulnerabilities were
   disclosed earlier this month. That makes eliminating this vulnerability and
   patching systems critical but applying Microsoft’s comprehensive patch can
   be difficult without dedicated IT personnel."
   - Microsoft’s one-click tool to protect against cyberattacks is getting
   lots of downloads
   <https://fortune.com/2021/03/22/microsoft-tool-protect-cyberattacks-hack/>
   [*Fortune*] "Since the release of the tool, the number of vulnerable
   systems in the United States has fallen to fewer than 10,000 from at least
   120,000 at the peak. Many of the remaining vulnerable systems are tied to
   small businesses but not limited to any one sector."
   - Exchange Server attacks: Microsoft shares intelligence on
   post-compromise activities
   <https://www.zdnet.com/article/exchange-server-attacks-microsoft-shares-intelligence-on-post-compromise-activities/>
   [*ZDNet*] "Microsoft is raising an alarm over potential follow-on
   attacks targeting already compromised Exchange servers, especially if the
   attackers used web shell scripts to gain persistence on the server, or
   where the attacker stole credentials during earlier attacks."
   - Microsoft warns even patched Exchange servers can still be attacked
   <https://www.techradar.com/news/microsoft-warns-even-patched-exchange-servers-can-still-be-attacked>
   [*TechRadar*] "Many of the compromised systems have not yet received a
   secondary action, such as human-operated ransomware attacks or data
   exfiltration, indicating attackers could be establishing and keeping their
   access for potential later actions."

*From the Ohio Web Library <http://ohioweblibrary.org>:*

   - Dennis, Steven T. “U.S. Sees Progress in Closing Microsoft Exchange
   Vulnerabilities
   <https://search-ebscohost-com.proxy.oplin.org/login.aspx?direct=true&db=buh&AN=149421645&site=ehost-live>
   .” *Bloomberg.Com*, Mar. 2021, p. N.PAG.
   - PR Newswire. “KnowBe4 Warns of Rise in Microsoft Exchange Global
   Security Exploit Attempts
   <https://search-ebscohost-com.proxy.oplin.org/login.aspx?direct=true&db=bwh&AN=202103160800PR.NEWS.USPR.FL10559&site=ehost-live>
   .” *PR Newswire US*, 16 Mar. 2021.
   - McMullen, Robert. "Microsoft Exchange Server Essential Training:
   Installation and Configuration
   <https://www.lynda.com/Exchange-Server-tutorials/Microsoft-Exchange-Server-Essential-Training-Installation-Configuration/791365-2.html>."
   17 Jul. 2019.

------------------------------
The *OPLIN 4cast* is a weekly compilation of recent headlines, topics, and
trends that could impact public libraries. You can subscribe to it in a
variety of ways, such as:

   - *RSS feed.* You can receive the OPLIN 4cast via RSS feed by
   subscribing to the following URL:
   http://www.oplin.org/4cast/index.php/?feed=rss2.
   - *E-mail.* You can have the OPLIN 4cast delivered via e-mail (a'la
   OPLINlist and OPLINtech) by subscribing to the 4cast mailing list at
   http://lists.oplin.org/mailman/listinfo/OPLIN4cast.

© 2021 Ohio Public Library Information Network
[image: Find us on Slideshare] <http://www.slideshare.net/oplin>  [image:
Find us on Facebook] <http://www.facebook.com/oplin.org>  [image: Find us
on Google+] <https://plus.google.com/107751358238995507967>  [image: Find
us on Twitter] <http://www.twitter.com/oplin>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.oplin.org/pipermail/oplin4cast/attachments/20210331/3fa97985/attachment.htm>


More information about the OPLIN4cast mailing list