{"id":48172,"date":"2021-03-23T09:56:52","date_gmt":"2021-03-23T01:56:52","guid":{"rendered":"https:\/\/version-2.com.sg\/?p=23498"},"modified":"2021-03-23T09:56:52","modified_gmt":"2021-03-23T01:56:52","slug":"a-microsoft-exchange-saga-how-is-eset-technology-protecting-business-customers-post-exploitation-2","status":"publish","type":"post","link":"https:\/\/version-2.com\/zh\/2021\/03\/a-microsoft-exchange-saga-how-is-eset-technology-protecting-business-customers-post-exploitation-2\/","title":{"rendered":"A Microsoft Exchange saga: How is ESET technology protecting business customers post-exploitation?"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

The global scale of the recent Exchange server attacks deserves the designation \u201csaga.\u201d The fallout, resulting in data theft and further malware deployment, has likely led to intensive changes in security protocols at thousands of institutions, and will surely be felt for a long time.<\/p>\n

In an update to ESET\u2019s\u00a0original research<\/a>\u00a0piece detailing the global impact of the attacks, ESET\u2019s telemetry picked up almost 27,000 attack attempts via web shells against around 5,500 unique servers:<\/p>\n\"\"\n

Along with our well-received\u00a0research<\/a>\u00a0into advanced persistent threat groups leveraging the Exchange vulnerabilities, ESET has set out to provide proactive advice via its\u00a0Knowledgebase<\/a>\u00a0and a\u00a0Customer Advisory<\/a>. As the saga moves forward and we continue to compile and analyze data from the networks we protect, we would like to share how our cloud sandbox technology,\u00a0ESET Dynamic Threat Defense<\/a>\u00a0(EDTD), and our endpoint detection and response solution,\u00a0ESET Enterprise Inspector<\/a>\u00a0(EEI), offer protection to our clients.<\/p>\n

With respect to malicious files, EDTD not only handles executables (as is the case with ESET LiveGrid\u00ae) but also documents, scripts, installers and other file types commonly used to deliver threats. As such, the technology gives greater visibility into, and protection against, various threat types. Leveraging EDTD in combination with endpoint security\u2014both of which are backed by our core detection technologies\u2014brings a multilayered approach to the table that significantly increases the likelihood an attack is automatically detected.<\/p>\n

Looking closely at the samples related to the exploitation of Exchange servers, ESET has seen that some of the post-compromise attack components, for example, the loaders for the PlugX RAT (also known as Korplug), are being detected by EDTD when the most sensitive detection threshold \u2013 Suspicious \u2013 is applied. The same applies\u00a0<\/a>to the CobaltStrike-related components.<\/p>\n

These kinds of detections also trigger alerts in the ESET Lab, where our researchers are actively monitoring EDTD detection data. The knowledge gained from malware analysis of these samples can then be applied further as we investigate possible intrusion vectors and remediation.\n\nWith respect to post-compromise investigation and monitoring of servers, security operations center teams can use ESET Enterprise Inspector to address what amounts to a global challenge.<\/p>\n

From the point of view of EEI\u2019s rule set, the current modus operandi of the attackers can be fairly generic, meaning that creating a rule that detects such generic activity\u2014even though possibly malicious\u2014might cause a high number of false positives. For example, it is quite normal for w3wp.exe, the IIS worker process, to execute cmd.exe and powershell.exe, meaning that a rule monitoring this event would flood EEI\u2019s dashboard with false positives.<\/p>\n

However, ESET security teams have investigated how EEI faces up against malicious activity following the exploitation of Exchange. Our findings suggest that EEI deployed on exploited servers can cut investigation time by at least 80%.<\/p>\n

EEI can not only shorten the time for investigation, but also show the path of attack. Critically, the security admin at EEI\u2019s dashboard would have data at hand to see what was happening, when and where, which is a significant help in identifying and cleaning up malware, as well as providing for the overall security of compromised email servers.<\/p>\n

Please follow\u00a0our blog<\/a>\u00a0where ESET will share additional information to help customers return to normal operations following the extensive global exploitation of Exchange.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t
\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

\"\"<\/p>\n

Partnership Will Drive Increased Adoption of Portnox\u2019s Cutting-Edge NAC Solution Purpose-Built for Large Distributed Organizations in the Region<\/p>\n

LONDON \u2014 Portnox, which supplies network access control (NAC), visibility and device risk management to organizations of all sizes, today announced that it has partnered with Distology for the sole distribution and resell of its cloud-delivered NAC-as-a-Service solution in the United Kingdom and Ireland.<\/p>\n

We chose to partner with Distology because of their successful history of IT security solution distribution in the UK and Irish markets, said Portnox CEO, Ofer Amitai. Were confident this collaboration will yield tremendous growth for both parties, as Portnox has a unique value proposition and Distology has the market enablement expertise to effectively evangelize our network security offering.<\/p>\n

We have a long-established relationship with Portnox and it speaks volumes that the team have decided to choose Distology as their sole UK&I distributor. The technology Portnox brings to the market is incredibly exciting and complements our existing vendor stack effortlessly, said Stephen Rowlands, Head of Sales for Distology. Were especially looking forward to representing and promoting Portnox Clear to our growing partner base, as this brand-new cloud-based technology has potential to completely disrupt the market and we foresee masses of growth potential in this innovative product.<\/p>\n

Portnox introduced its cloud-delivered NAC-as-a-Service solution to the UK & Irish markets less than two years go. As the first to bring NAC to the cloud, Portnox has quickly gained a foothold in the region, particularly among large distributed enterprises in the retail, construction and utilities industries.<\/p>\n

The adoption of our NAC-as-a-Service product in the UK has been very strong to date, said VP of Products, Tomer Shemer. This is a testament to the fact that the UK is one of the markets leading the trend of cloud security adoption. We expect to see continued growth in the coming years in this area of Europe.<\/p>\n

Portnox is set to exhibit at this week\u2019s RSA 2020 Conference (booth #4234) in San Francisco, February 24-28. Additionally, Portnox (booth #G108) and Distology (booth #C40) will both be exhibiting at InfoSec Europe 2020, Europes largest event for information and cyber security, in London, June 2-4.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t
\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

About Version 2 Digital<\/h3>

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.\n

\nThrough an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.<\/p><\/div><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t\n\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

About Portnox<\/strong>
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http:\/\/www.portnox.com<\/a>, and follow us on Twitter and LinkedIn.\u3002<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

<\/p>\n

<\/p>\n

About Distology<\/strong>
Distology is a Market Enabler and offers true value for the distribution of disruptive IT Security solutions. The vendors we work with represent innovative and exciting technology that continues to excite and inspire their reseller network. Our ethos is based on trust, relationships, energy and drive and offers end to end support in the full sales cycle providing vendor quality technical and commercial resource.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t\n\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

<\/p>\n

BRATISLAVA, MONTREAL <\/strong>\u2013 ESET researchers have recently discovered websites distributing trojanized cryptocurrency trading applications for Mac computers. These were legitimate apps wrapped with GMERA malware, whose operators used them to steal information, such as browser cookies, cryptocurrency wallets and screen captures. In this campaign, the legitimate Kattana trading application was rebranded \u2013 including setting up copycat websites \u2013 and the malware was bundled into its installer. ESET researchers saw four names used for the trojanized app in this campaign: Cointrazer, Cupatrade, Licatrade and Trezarus.<\/p>\n

<\/p>\n

<\/p>\n

\u201cAs in previous campaigns, the malware reports to a Command & Control server over HTTP and connects remote terminal sessions to another C&C server using a hardcoded IP address,\u201d says ESET researcher Marc-Etienne M.L\u00e9veill\u00e9, who led the investigation into GMERA.<\/p>\n

<\/p>\n

<\/p>\n

ESET researchers have not yet been able to find exactly where these trojanized applications are promoted. However, in March 2020, the legitimate Kattana site posted a warning suggesting that victims are approached individually to lure them to download a trojanized app, thus pointing to social engineering. Copycat websites are set up to make the bogus application download look legitimate. The download button on the bogus sites is a link to a ZIP archive containing the trojanized application bundle.<\/p>\n

<\/p>\n

<\/p>\n

In addition to the analysis of the malware code, ESET researchers have also set up honeypots (research computers) and lured GMERA malware operators to remotely control the honeypots. The researchers\u2019 aim was to reveal the motivations behind this group of criminals. \u201cBased on the activity we have witnessed, we can confirm that the attackers have been collecting browser information, such as cookies and browsing history, cryptocurrency wallets and screen captures,\u201d concludes M.L\u00e9veill\u00e9.<\/p>\n

<\/p>\n

<\/p>\n

For more technical details on the latest GMERA malicious campaign, read the full blogpost, \u201cMac cryptocurrency trading application rebranded, bundled with malware<\/a>,\u201d on WeLiveSecurity. Make sure to follow ESET Research on Twitter<\/a> for the latest news from ESET Research.<\/p>\n

<\/p>\n

<\/p>\n


<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t
\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

About Version 2 Digital<\/h3>

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.\n

\nThrough an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.<\/p><\/div><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t\n\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

About ESET<\/strong>
For 30 years, ESET\u00ae has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET\u2019s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24\/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single \u201cin-the-wild\u201d malware without interruption since 2003.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

The global scale of the recent Exchange server attacks […]<\/p>\n","protected":false},"author":143524195,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[461,40,61],"tags":[41,462],"class_list":["post-48172","post","type-post","status-publish","format-standard","hentry","category-year2021","category-eset","category-press-release","tag-eset","tag-462"],"acf":[],"yoast_head":"\nA Microsoft Exchange saga: How is ESET technology protecting business customers post-exploitation? - Version 2<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/version-2.com\/zh\/2021\/03\/a-microsoft-exchange-saga-how-is-eset-technology-protecting-business-customers-post-exploitation-2\/\" \/>\n<meta property=\"og:locale\" content=\"zh_HK\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"A Microsoft Exchange saga: How is ESET technology protecting business customers post-exploitation? - Version 2\" \/>\n<meta property=\"og:description\" content=\"The global scale of the recent Exchange server attacks […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/version-2.com\/zh\/2021\/03\/a-microsoft-exchange-saga-how-is-eset-technology-protecting-business-customers-post-exploitation-2\/\" \/>\n<meta property=\"og:site_name\" content=\"Version 2\" \/>\n<meta property=\"article:published_time\" content=\"2021-03-23T01:56:52+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.eset.com\/fileadmin\/ESET\/US\/Newsroom\/2021\/03\/pr-img1-ms-exchange-attack-attempts.jpg\" \/>\n<meta name=\"author\" content=\"version2hk\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"version2hk\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9810\u8a08\u95b1\u8b80\u6642\u9593\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 \u5206\u9418\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/version-2.com\\\/2021\\\/03\\\/a-microsoft-exchange-saga-how-is-eset-technology-protecting-business-customers-post-exploitation-2\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2021\\\/03\\\/a-microsoft-exchange-saga-how-is-eset-technology-protecting-business-customers-post-exploitation-2\\\/\"},\"author\":{\"name\":\"version2hk\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/d14d2d3cd77ffdb618b9f1330fe084db\"},\"headline\":\"A Microsoft Exchange saga: How is ESET technology protecting business customers post-exploitation?\",\"datePublished\":\"2021-03-23T01:56:52+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2021\\\/03\\\/a-microsoft-exchange-saga-how-is-eset-technology-protecting-business-customers-post-exploitation-2\\\/\"},\"wordCount\":569,\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2021\\\/03\\\/a-microsoft-exchange-saga-how-is-eset-technology-protecting-business-customers-post-exploitation-2\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.eset.com\\\/fileadmin\\\/ESET\\\/US\\\/Newsroom\\\/2021\\\/03\\\/pr-img1-ms-exchange-attack-attempts.jpg\",\"keywords\":[\"ESET\",\"2021\"],\"articleSection\":[\"2021\",\"ESET\",\"Press Release\"],\"inLanguage\":\"zh-HK\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/version-2.com\\\/2021\\\/03\\\/a-microsoft-exchange-saga-how-is-eset-technology-protecting-business-customers-post-exploitation-2\\\/\",\"url\":\"https:\\\/\\\/version-2.com\\\/2021\\\/03\\\/a-microsoft-exchange-saga-how-is-eset-technology-protecting-business-customers-post-exploitation-2\\\/\",\"name\":\"A Microsoft Exchange saga: How is ESET technology protecting business customers post-exploitation? - Version 2\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2021\\\/03\\\/a-microsoft-exchange-saga-how-is-eset-technology-protecting-business-customers-post-exploitation-2\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2021\\\/03\\\/a-microsoft-exchange-saga-how-is-eset-technology-protecting-business-customers-post-exploitation-2\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.eset.com\\\/fileadmin\\\/ESET\\\/US\\\/Newsroom\\\/2021\\\/03\\\/pr-img1-ms-exchange-attack-attempts.jpg\",\"datePublished\":\"2021-03-23T01:56:52+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2021\\\/03\\\/a-microsoft-exchange-saga-how-is-eset-technology-protecting-business-customers-post-exploitation-2\\\/#breadcrumb\"},\"inLanguage\":\"zh-HK\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/version-2.com\\\/2021\\\/03\\\/a-microsoft-exchange-saga-how-is-eset-technology-protecting-business-customers-post-exploitation-2\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/version-2.com\\\/2021\\\/03\\\/a-microsoft-exchange-saga-how-is-eset-technology-protecting-business-customers-post-exploitation-2\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.eset.com\\\/fileadmin\\\/ESET\\\/US\\\/Newsroom\\\/2021\\\/03\\\/pr-img1-ms-exchange-attack-attempts.jpg\",\"contentUrl\":\"https:\\\/\\\/www.eset.com\\\/fileadmin\\\/ESET\\\/US\\\/Newsroom\\\/2021\\\/03\\\/pr-img1-ms-exchange-attack-attempts.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/version-2.com\\\/2021\\\/03\\\/a-microsoft-exchange-saga-how-is-eset-technology-protecting-business-customers-post-exploitation-2\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9801\",\"item\":\"https:\\\/\\\/version-2.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"A Microsoft Exchange saga: How is ESET technology protecting business customers post-exploitation?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"name\":\"Version 2\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/version-2.com\\\/zh\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"zh-HK\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\",\"name\":\"Version 2\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"width\":1795,\"height\":335,\"caption\":\"Version 2\"},\"image\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/d14d2d3cd77ffdb618b9f1330fe084db\",\"name\":\"version2hk\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"caption\":\"version2hk\"},\"sameAs\":[\"http:\\\/\\\/version2xfortcom.wordpress.com\"],\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/author\\\/version2hk\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"A Microsoft Exchange saga: How is ESET technology protecting business customers post-exploitation? - Version 2","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/version-2.com\/zh\/2021\/03\/a-microsoft-exchange-saga-how-is-eset-technology-protecting-business-customers-post-exploitation-2\/","og_locale":"zh_HK","og_type":"article","og_title":"A Microsoft Exchange saga: How is ESET technology protecting business customers post-exploitation? - Version 2","og_description":"The global scale of the recent Exchange server attacks […]","og_url":"https:\/\/version-2.com\/zh\/2021\/03\/a-microsoft-exchange-saga-how-is-eset-technology-protecting-business-customers-post-exploitation-2\/","og_site_name":"Version 2","article_published_time":"2021-03-23T01:56:52+00:00","og_image":[{"url":"https:\/\/www.eset.com\/fileadmin\/ESET\/US\/Newsroom\/2021\/03\/pr-img1-ms-exchange-attack-attempts.jpg","type":"","width":"","height":""}],"author":"version2hk","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"version2hk","\u9810\u8a08\u95b1\u8b80\u6642\u9593":"3 \u5206\u9418"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/version-2.com\/2021\/03\/a-microsoft-exchange-saga-how-is-eset-technology-protecting-business-customers-post-exploitation-2\/#article","isPartOf":{"@id":"https:\/\/version-2.com\/2021\/03\/a-microsoft-exchange-saga-how-is-eset-technology-protecting-business-customers-post-exploitation-2\/"},"author":{"name":"version2hk","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/d14d2d3cd77ffdb618b9f1330fe084db"},"headline":"A Microsoft Exchange saga: How is ESET technology protecting business customers post-exploitation?","datePublished":"2021-03-23T01:56:52+00:00","mainEntityOfPage":{"@id":"https:\/\/version-2.com\/2021\/03\/a-microsoft-exchange-saga-how-is-eset-technology-protecting-business-customers-post-exploitation-2\/"},"wordCount":569,"publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"image":{"@id":"https:\/\/version-2.com\/2021\/03\/a-microsoft-exchange-saga-how-is-eset-technology-protecting-business-customers-post-exploitation-2\/#primaryimage"},"thumbnailUrl":"https:\/\/www.eset.com\/fileadmin\/ESET\/US\/Newsroom\/2021\/03\/pr-img1-ms-exchange-attack-attempts.jpg","keywords":["ESET","2021"],"articleSection":["2021","ESET","Press Release"],"inLanguage":"zh-HK"},{"@type":"WebPage","@id":"https:\/\/version-2.com\/2021\/03\/a-microsoft-exchange-saga-how-is-eset-technology-protecting-business-customers-post-exploitation-2\/","url":"https:\/\/version-2.com\/2021\/03\/a-microsoft-exchange-saga-how-is-eset-technology-protecting-business-customers-post-exploitation-2\/","name":"A Microsoft Exchange saga: How is ESET technology protecting business customers post-exploitation? - Version 2","isPartOf":{"@id":"https:\/\/version-2.com\/zh\/#website"},"primaryImageOfPage":{"@id":"https:\/\/version-2.com\/2021\/03\/a-microsoft-exchange-saga-how-is-eset-technology-protecting-business-customers-post-exploitation-2\/#primaryimage"},"image":{"@id":"https:\/\/version-2.com\/2021\/03\/a-microsoft-exchange-saga-how-is-eset-technology-protecting-business-customers-post-exploitation-2\/#primaryimage"},"thumbnailUrl":"https:\/\/www.eset.com\/fileadmin\/ESET\/US\/Newsroom\/2021\/03\/pr-img1-ms-exchange-attack-attempts.jpg","datePublished":"2021-03-23T01:56:52+00:00","breadcrumb":{"@id":"https:\/\/version-2.com\/2021\/03\/a-microsoft-exchange-saga-how-is-eset-technology-protecting-business-customers-post-exploitation-2\/#breadcrumb"},"inLanguage":"zh-HK","potentialAction":[{"@type":"ReadAction","target":["https:\/\/version-2.com\/2021\/03\/a-microsoft-exchange-saga-how-is-eset-technology-protecting-business-customers-post-exploitation-2\/"]}]},{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/version-2.com\/2021\/03\/a-microsoft-exchange-saga-how-is-eset-technology-protecting-business-customers-post-exploitation-2\/#primaryimage","url":"https:\/\/www.eset.com\/fileadmin\/ESET\/US\/Newsroom\/2021\/03\/pr-img1-ms-exchange-attack-attempts.jpg","contentUrl":"https:\/\/www.eset.com\/fileadmin\/ESET\/US\/Newsroom\/2021\/03\/pr-img1-ms-exchange-attack-attempts.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/version-2.com\/2021\/03\/a-microsoft-exchange-saga-how-is-eset-technology-protecting-business-customers-post-exploitation-2\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9801","item":"https:\/\/version-2.com\/"},{"@type":"ListItem","position":2,"name":"A Microsoft Exchange saga: How is ESET technology protecting business customers post-exploitation?"}]},{"@type":"WebSite","@id":"https:\/\/version-2.com\/zh\/#website","url":"https:\/\/version-2.com\/zh\/","name":"Version 2","description":"","publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/version-2.com\/zh\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"zh-HK"},{"@type":"Organization","@id":"https:\/\/version-2.com\/zh\/#organization","name":"Version 2","url":"https:\/\/version-2.com\/zh\/","logo":{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","contentUrl":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","width":1795,"height":335,"caption":"Version 2"},"image":{"@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/d14d2d3cd77ffdb618b9f1330fe084db","name":"version2hk","image":{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","caption":"version2hk"},"sameAs":["http:\/\/version2xfortcom.wordpress.com"],"url":"https:\/\/version-2.com\/zh\/author\/version2hk\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pbQRKm-cwY","post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/48172","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/users\/143524195"}],"replies":[{"embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/comments?post=48172"}],"version-history":[{"count":0,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/48172\/revisions"}],"wp:attachment":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/media?parent=48172"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/categories?post=48172"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/tags?post=48172"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}