Thursday, June 25, 2020

Every Ugandan organisation or institution must learn this to defend its Exchange servers from attackers!!! Since every activity is now being done online, organizations must be extra careful about the security of their servers.

I do not know if every or any organisation in East Africa takes it as a priority to monitor the security of their Exchange servers. We have many firms that should be extra careful with the security of their servers, I mean banks, hospitals, army institutions, etc., but what is annoying is that even these institutions have no time for, or are careless in, studying and analysing threats or vulnerabilities. Every organisation must strive to secure its Exchange servers, as it is one of the most important things defenders can do to limit organizational exposure to attacks. Any threat or vulnerability impacting Exchange servers should be treated with the highest priority because these servers contain critical business data, as well as highly privileged accounts that attackers attempt to compromise to gain admin rights to the server and, consequently, complete control of the network.
The weak security of compromised Exchange servers provides a unique environment that could allow attackers to execute various tasks using the same built-in tools or scripts that admins use for maintenance. This is exacerbated by the fact that Exchange servers have traditionally lacked antivirus solutions, network protection, the latest security updates, and proper security configuration, often intentionally, due to the misguided notion that these protections interfere with normal Exchange functions. Attackers know this, and they leverage this knowledge to gain a stable foothold on a target organization.
Exchange servers are compromised in two ways:
The common scenario is attackers launching social engineering or drive-by download attacks targeting endpoints (vulnerabilities like CVE-2020-0688), where they steal credentials and move laterally to other endpoints in a progressive dump-escalate-move method until they gain access to an Exchange server.
The second scenario is where attackers exploit a remote code execution vulnerability affecting the underlying Internet Information Services (IIS) component of a target Exchange server. This is an attacker's dream: directly landing on a server and, if the server has misconfigured access levels, gaining system privileges. You can read more on this!
