"Exchange Server Attackers Launched Scans Within Five Minutes of Disclosure"

Researchers at Palo Alto Networks conducted a new study in which they scanned 50 million IP addresses associated with 50 global enterprises. The research was carried out between January and March 2021. The researchers stated that threat actors are “winning the race” to find vulnerable assets to exploit, launching scans within minutes of CVE announcements. They noted that scans began within 15 minutes of CVE announcements released between January and March. Attackers worked faster for the Microsoft Exchange Server zero-days, launching scans within five minutes of Microsoft’s March 2nd announcement. The researchers also found that on a typical day, attackers conducted a new scan once every hour, whereas global enterprises can take weeks. Remote Desktop Protocol (RDP) servers accounted for the largest number of security issues (32%), although in this case attackers aren’t scanning for software vulnerabilities but for endpoints whose credentials can be brute-forced or cracked. RDP is an increasingly popular initial access vector for ransomware attackers.

 

Infosecurity reports: "Exchange Server Attackers Launched Scans Within Five Minutes of Disclosure"

Submitted by Anonymous on