ProxyShell is a group of vulnerabilities in Microsoft Exchange servers: CVE-2021-31206, CVE-2021-31207, CVE-2021-34473, and CVE-2021-34523. The ProxyLogon group includes CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065. The vulnerabilities from both groups enable an actor to bypass authentication and execute code as a privileged user.

The best defence against these vulnerabilities is to keep public-facing systems updated with the latest patches and product versions. Companies should also avoid direct access to Exchange Server from the Internet. Kaspersky products protect against vulnerabilities from both groups, ProxyShell and ProxyLogon.

Credential brute force attacks

A large share of the initial access that leads to cybersecurity incidents comes through services with remote access or management features. One of the best-known examples is RDP (Remote Desktop Protocol), Microsoft's proprietary protocol that enables a user to connect to another computer through a network of computers running Windows.

RDP is widely used by both system administrators and less-technical users to control servers and other PCs remotely, but it is also what intruders exploit to penetrate the target computer, which usually houses important corporate resources.

Last year, Kaspersky monitored 16,003 remote access and management services available for exploitation. Indonesia, India, Bangladesh, the Philippines, and Vietnam offer attackers the most opportunities to gain remote access.

Government institutions account for more than 40% of the attack surface for brute force attacks and credential leak reuse.

“Clearly, cybercriminals are busy uncovering possible entry points in the region. From hunting for unpatched software, one-day vulnerabilities, and exploitable remote access and management services, malicious actors have a lot of options to infect lucrative industries. In short, a cyberattack is like a ticking bomb. While worrisome, reports such as our Digital Footprint Intelligence can be used as a tool to guide the cybersecurity capacity building of concerned organisations. If you know your weak areas, it’s easier to prioritise,” comments Chris Connell, Managing Director for the Asia Pacific at Kaspersky.

To protect your businesses from such threats, Kaspersky experts also recommend that you:

• Regulate every major change to the network perimeter hosts, including launching services or applications, exposing new APIs, installing and updating software, configuring network devices and so on. All changes should be reviewed from the perspective of security impact.

• Develop and implement reliable procedures for identifying, installing, and verifying patches for products and systems.

• Focus your defence strategy on detecting lateral movements and data exfiltration to the internet. Pay special attention to outgoing traffic to detect cybercriminal connections. Back up data regularly. Make sure you can quickly access it in an emergency.
