ONG-ISAC and RiskIQ Briefing

Microsoft Exchange ProxyLogon Threat Briefing was held  on March 25, 2021 in response to the March 2nd out-of-band patch release issued by Microsoft for Microsoft Exchange to address a series of vulnerabilities which, when chained together, could lead to a system compromise. Based on RiskIQ’s Internet Intelligence Graph we were able to scan the internet to quickly understand the scope of the vulnerability, then worked with Microsoft to fingerprint vulnerable instances of exchange.

Key Takeaways:

Overview of the vulnerability
RiskIQs discovery of vulnerable exchange servers
Observations and trends vulnerable servers and patching
Overview of actors leveraging this vulnerability
How attack surface intelligence can help organizations respond to similar events in the future
Speaker: Steve Ginty, RiskIQ Director of Threat Intelligence

Bio: Steve Ginty has more than ten years of experience as an information security professional focused on incident response, threat intelligence, and data analysis. As co-founder of PassiveTotal (acquired by RiskIQ), he aimed to advance analysis methodologies and processes to make threat investigations and incident response more efficient and effective. Before joining RiskIQ, Steve spent years researching targeted intrusions against Fortune 500 organizations. His experience includes leading teams of multi-disciplined researchers implementing proactive methodologies to track threat actor infrastructure and malware associated with attack activity.