New trend in attacks spotted by ArmorPoint Security Operations Center

In the rapidly evolving landscape of cybersecurity, staying ahead of attackers is crucial to protecting sensitive data and systems. At ArmorPoint, we've been closely monitoring a concerning trend: a marked increase in attacks targeting on-premises Exchange Servers. In this article, we delve into the details of these attacks and offer practical steps to fortify your defenses.

Rise in Remote Code Execution (RCE) Vulnerabilities

One alarming trend we've identified is the surge in attempts to exploit Remote Code Execution (RCE) vulnerabilities, both new and old. While advanced Endpoint Detection and Response (EDR) solutions like Cybereason provide a safety net against remote code execution and malware downloads on devices, they should be just one layer of your comprehensive security approach. Maintaining a robust security posture involves a multi-faceted strategy, starting with regular updates to all software and operating systems. By diligently applying recommended security patches, you can significantly reduce the risk of falling victim to RCE attacks.

Strengthening Exchange Server Security

In recent times, attacks against on-premises Exchange Servers have become more prevalent. High-profile vulnerabilities affecting Exchange Servers have drawn the attention of malicious actors, underscoring the importance of proactive security measures. To safeguard your systems, it's imperative to keep your Exchange Servers up to date with the latest security patches. While migrating to cloud-based solutions is worth considering, remember that vigilant monitoring and periodic review of security settings are essential in both on-premises and cloud environments.

Guarding Against Threats: A Holistic Approach

The ArmorPoint approach to combating these threats involves a multi-layered defense. Our systems proactively block attacks that target devices protected by Cybereason. For instance, if a customer's web server is hit with an RCE attack through a vulnerable application, the malicious commands launched from that application are promptly detected and intercepted by our EDR. To avoid such attacks in the first place, diligently adhering to patching and update schedules is crucial. Regular vulnerability scans can also help identify weaknesses before they're exploited.

Lessons from the Field: Protecting Web Servers

In our Trapp/Brinkster hosted web server environment, we've encountered instances where customer websites vulnerable to RCE attacks have inadvertently exposed our servers to malicious code. These attacks are blocked or quarantined automatically. This serves as a reminder that many websites remain vulnerable to RCE attacks, which can lead to data breaches or infections that compromise user information. Ensuring the security of your web applications is paramount to safeguarding your organization and its stakeholders.
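The detection described in the two sections above (an EDR catching commands launched from a compromised web application) boils down to one high-signal rule: a web server worker process should almost never spawn a command shell or scripting host. The following is an added illustration, not ArmorPoint's or Cybereason's code, of that rule run over constructed process-creation events in the shape a Sysmon-style sensor reports them. The host names, paths and command lines are made up for the example; the worker-process and allowlist sets are assumptions to tune per environment (ASP.NET legitimately launches csc.exe from w3wp.exe, which is why it is allowlisted).

```python
import ntpath
from typing import Dict, List, Optional

# Constructed sample of process-creation events (host, parent image, child
# image, command line). None of this is real ArmorPoint or customer telemetry.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"host": "web01", "parent": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": 'cmd.exe /c "whoami"'},
    {"host": "web01", "parent": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgA"},
    {"host": "web01", "parent": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe",
     "cmdline": "csc.exe /noconfig /fullpaths @tmp.cmdline"},
    {"host": "ws07", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe"},
    {"host": "web02", "parent": r"C:\Windows\System32\services.exe",
     "image": r"C:\Windows\System32\svchost.exe", "cmdline": "svchost.exe -k netsvcs"},
]

# Assumed set of web server worker processes whose children we scrutinise.
# w3wp.exe is the IIS worker process that also hosts on-premises Exchange.
WEB_WORKERS = {"w3wp.exe", "httpd.exe", "nginx.exe", "php-cgi.exe", "tomcat9.exe"}

# Shells, scripting hosts and download-capable utilities: a web worker
# launching any of these is the classic footprint of an RCE or web shell.
SHELL_LIKE = {"cmd.exe", "powershell.exe", "pwsh.exe", "certutil.exe", "bitsadmin.exe",
              "mshta.exe", "rundll32.exe", "regsvr32.exe", "wscript.exe", "cscript.exe"}

# ASP.NET compiles pages on the fly via csc.exe, so w3wp.exe -> csc.exe is
# expected on many IIS hosts. This allowlist is an assumption; tune it per site.
EXPECTED_WEB_CHILDREN = {"csc.exe", "vbc.exe", "cvtres.exe"}

# PowerShell switches that carry a base64-encoded script (short forms included).
ENCODED_FLAGS = ("-enc", "-encodedcommand", "-e", "-ec")


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path; ntpath handles backslashes on any OS."""
    return ntpath.basename(path).lower()


def classify(event: Dict[str, str]) -> Optional[str]:
    """Return a human-readable reason if the event looks like web-server RCE, else None."""
    parent = basename(event["parent"])
    child = basename(event["image"])
    if parent not in WEB_WORKERS:
        return None  # only children of web worker processes are in scope for this rule
    if child in EXPECTED_WEB_CHILDREN:
        return None  # known-benign child for this parent
    tokens = [t.lower() for t in event["cmdline"].split()]
    if child in {"powershell.exe", "pwsh.exe"} and any(t in ENCODED_FLAGS for t in tokens):
        return "web worker launched PowerShell with an encoded command"
    if child in SHELL_LIKE:
        return f"web worker {parent} spawned {child}"
    # Anything else is still unusual for a web worker; report it at lower priority
    # and grow EXPECTED_WEB_CHILDREN as legitimate cases are confirmed.
    return f"web worker {parent} spawned unexpected child {child}"


def detect(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Run classify() over a batch of events and collect the findings."""
    findings = []
    for ev in events:
        reason = classify(ev)
        if reason:
            findings.append({"host": ev["host"], "reason": reason, "cmdline": ev["cmdline"]})
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"[{f['host']}] {f['reason']}: {f['cmdline']}")
```

Run against the sample, the rule flags the two w3wp.exe events that launch cmd.exe and encoded PowerShell, stays silent on the allowlisted csc.exe compile, and ignores the shells launched from explorer.exe, since a user opening a command prompt is not what this rule is for. In a real deployment the same logic sits behind the EDR alert or a SIEM correlation rule, and the patching advice in the sections above is what keeps it from firing in the first place.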


Ashley Capps

Chief Marketing Officer, Trapp Technology and ArmorPoint