Just quoting you for reference,the most common method every noob hacker use is trojan based attack and they will spoof a given data with an invisible trojan and target the vulnerable IP or the user,in the case of exchange hacks it is not a work that is carried out in a day or two,the hacker might collect the TCP UDP log for over a month and if they find any vulnerability they will proceed and the only possible way to avoid these sort of hacks is to monitor the logs regularly and analyze the logs and separate legitimate traffic,exchanges have to take security seriously to avoid these things .