Microsoft is pushing out updates for older software as ransomware groups seek to exploit vulnerabilities caused by ongoing attacks against on-premise versions of its Exchange Server.
The tech giant said on Friday that while the attacks were initially state-sponsored, with China blamed by the company, criminal organisations are now taking advantage through the use of ransomware and other malicious activity.
Cybsecurity company Check Point Research has said attacks are doubling every two to three hours and are hitting organisations and businesses across the globe.
In a statement, Microsoft said: “This extraordinary situation calls for a heightened approach. In addition to our regular software updates, we are also providing specific updates for older and out-of-support software with the intent to make it as easy as possible to quickly protect your business.”
Microsoft tweeted on Friday that it has detected and blocked a new family of ransomware called DearCry that had been seeking to exploit the vulnerabilities.
Microsoft said it has now released updates covering 95% of all Exchange Server versions exposed.
Under the attacks, the threat actor uses vulnerabilities to access exchange servers. Hacked servers are retrofitted with a “web shell” backdoor which allows criminals to read email, access the victim’s other computers and install malware.
The White House last week urged widespread action to patch servers and the Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive last week warning that the exploitation of the Microsoft Exchange on-premises products “poses an unacceptable risk to Federal Civilian Executive Branch agencies and requires emergency action.
Cybersecurity specialist Brian Krebs estimated earlier this month that 30,000 organisations across the United States, including small businesses and local governments were hit in the initial attack, which he terms ‘unusually aggressive Chinese-cyber espionage”