
Palo Alto Networks discovers malicious scans on Microsoft Exchange 5 minutes after disclosure

Based on data gathered by cybersecurity company Palo Alto Networks, attackers began scanning for the Microsoft Exchange Server zero-days within five minutes of the vulnerabilities being disclosed.

The finding comes from scans of 50 million IP addresses that Palo Alto Networks carried out during the first quarter of this year. The Palo Alto Networks Cortex Xpanse research team studied the public-facing internet attack surface of some of the world’s largest businesses, Microsoft among them.

The researchers also found that attackers needed only 15 minutes to start exploiting freshly announced Common Vulnerabilities and Exposures (CVEs). According to the report, on a typical day attackers launched a new scan once every hour, whereas global enterprises can take weeks to respond.


Nearly 1 in 3 vulnerabilities the Palo Alto Networks researchers uncovered were due to issues with the widely used Remote Desktop Protocol (RDP), use of which has surged since the beginning of 2020 as enterprises expedited moves to the cloud to support remote workers during the COVID-19 pandemic.


“This is troubling because RDP can provide direct admin access to servers, making it one of the most common gateways for ransomware attacks,” the researchers said in their report. “They represent low-hanging fruit for attackers, but there is reason for optimism: Most of the vulnerabilities we discovered can be easily patched.”

The research highlighted that RDP exposures accounted for about one-third of all security issues found (32%). Other commonly exposed vulnerabilities included misconfigured database servers, exposure to high-profile zero-day vulnerabilities from vendors such as Microsoft and F5, and insecure remote access through Telnet, Simple Network Management Protocol (SNMP), Virtual Network Computing (VNC), and other protocols.

“Many of these high-risk exposures can provide direct admin access if exploited,” the researchers said. “In most cases, these vulnerabilities can be patched easily, yet they represent low-hanging fruit for attackers.”

Cloud footprints were responsible for 79% of the most critical security issues Palo Alto Networks found in global enterprises.

“This highlights how the speed and nature of cloud computing drive risk in modern infrastructure, especially considering how quickly cloud environments have grown over the past year as enterprises moved computing off-premises to enable the surge in remote work during the COVID-19 pandemic,” the researchers said.