Cyber security agency CERT NZ identified almost 500 vulnerable Microsoft Exchange email servers and over 100 compromised email servers in the first quarter of 2021.
Most of the compromised mail servers belonged to small businesses, with a number of large organisations also affected.
A global wave of cyber attacks and breaches began in January after four zero-day exploits were discovered in on premises Exchange servers,
CERT NZ also received reports about attackers exploiting the vulnerabilities, its latest report said.
"The attackers exploited four newly discovered Microsoft Exchange vulnerabilities to gain access to the Microsoft Exchange server," CERT NZ reported today.
The attackers begin by scanning for vulnerable targets on the internet. They then send a malicious request to the server to gain unauthenticated access.
"Once they have access, they deploy a web shell (backdoor) that allows the attackers to steal data, view emails on the server as well as send emails and carry out further malicious activity like ransomware, phishing and invoice scams."
In response, CERT NZ issued an advisory alerting New Zealanders to the issue and included steps to prevent and mitigate possible attacks.
CERT NZ also contacted internet service providers (ISPs) with information on vulnerable and compromised IP addresses, and provided resources they could forward to the affected individuals and businesses.
CERT NZ strongly recommended Exchange users immediately apply the latest security updates for both Exchange and antimalware systems, including Microsoft’s One-click Microsoft Exchange on-premises mitigation tool and scanning tool.
Users should also change any passwords related to their Microsoft Exchange servers.