Microsoft Defender ATP Research Team released a guide on how to defend Exchange servers against malicious attacks using behavior-based detection.
There are two scenarios in which Exchange servers come under attack. The most common involves social engineering or drive-by download attacks targeting endpoints.
The ATP team is worried, however, about the second type: attacks that exploit Exchange vulnerabilities like CVE-2020-0688. There was even an NSA warning about this vulnerability.
Microsoft issued the security update that fixes the vulnerability in February, but attackers still find servers that were not patched and hence remain vulnerable.
How do I defend against attacks on Exchange servers?
The Microsoft researchers studied Exchange attacks investigated during April, using multiple Exchange-specific behavior-based detections.
Behavior-based blocking and containment capabilities in Microsoft Defender ATP, which use engines that specialize in detecting threats by analyzing behavior, surface suspicious and malicious activities on Exchange servers.
These detection engines are powered by cloud-based machine learning classifiers that are trained by expert-driven profiling of legitimate vs. suspicious activities in Exchange servers.
How do the attacks take place?
Microsoft also revealed the attack chain that the wrongdoers are using to compromise the Exchange servers.
It seems that attackers are operating on on-premises Exchange servers using deployed web shells. Whenever attackers interacted with the web shell, the hijacked application pool ran the command on behalf of the attacker.
This is an attacker’s dream: landing directly on a server and, if the server has misconfigured access levels, gaining system privileges.
Microsoft also noted in the guide that the attacks used multiple fileless techniques, which add layers of complexity to detecting and remediating the threats.
The attacks also demonstrated that behavior-based detections are key to protecting organizations.
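The behavior the guide describes, a hijacked application pool running commands on the attacker's behalf, is the kind of signal a behavior-based rule can catch. The following is an added illustration, not Microsoft's or Defender ATP's code: it assumes Exchange application pools run as the IIS worker process w3wp.exe, and scans constructed process-creation events for that worker spawning a command interpreter, raising the severity when the command line looks like fileless (encoded) PowerShell.

```python
"""Flag IIS worker processes (w3wp.exe) that spawn command interpreters,
a behavioural indicator of web-shell activity on an Exchange server.
Added example with constructed events; not Defender ATP's detection logic."""
import re
from dataclasses import dataclass

# Assumption: Exchange application pools run inside this IIS worker process.
PARENT_PROCESS = "w3wp.exe"
# Children an IIS worker process should not normally launch.
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "pwsh.exe",
                       "certutil.exe", "net.exe", "rundll32.exe"}
# Encoded or hidden PowerShell suggests a fileless stage (higher severity).
FILELESS_HINT = re.compile(r"-(enc|encodedcommand|nop|w hidden)\b", re.I)

@dataclass
class Alert:
    time: str
    child: str
    cmdline: str
    severity: str

# Constructed process-creation events: "time|parent|child|cmdline".
SAMPLE_EVENTS = """\
2020-04-10T08:01:12|svchost.exe|w3wp.exe|w3wp.exe -ap "MSExchangeOWAAppPool"
2020-04-10T08:01:13|w3wp.exe|cmd.exe|cmd.exe /c whoami
2020-04-10T08:02:40|explorer.exe|cmd.exe|cmd.exe /c dir
2020-04-10T08:03:05|w3wp.exe|powershell.exe|powershell.exe -nop -w hidden -enc QQBCAEMA
2020-04-10T08:04:00|w3wp.exe|conhost.exe|conhost.exe 0x4
"""

def is_suspicious(parent: str, child: str) -> bool:
    """True when the IIS worker process launches a command interpreter."""
    return parent.lower() == PARENT_PROCESS and child.lower() in SUSPICIOUS_CHILDREN

def severity_for(cmdline: str) -> str:
    """Encoded/hidden PowerShell gets 'high'; any other shell spawn 'medium'."""
    return "high" if FILELESS_HINT.search(cmdline) else "medium"

def scan(events: str) -> list:
    """Parse pipe-delimited events and return alerts for suspicious spawns."""
    alerts = []
    for line in events.splitlines():
        parts = line.split("|", 3)
        if len(parts) != 4:
            continue  # skip malformed lines rather than fail the whole scan
        time, parent, child, cmdline = parts
        if is_suspicious(parent, child):
            alerts.append(Alert(time, child.lower(), cmdline, severity_for(cmdline)))
    return alerts

if __name__ == "__main__":
    for a in scan(SAMPLE_EVENTS):
        print(f"[{a.severity}] {a.time} w3wp.exe -> {a.child}: {a.cmdline}")
```

A rule like this is a starting point only; legitimate Exchange maintenance tasks may spawn shells, so tune it against your own baseline before alerting on it.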
For now, it appears that installing the patch is the only available remedy for the CVE-2020-0688 server vulnerability.