Exchange Exploitation: Not Dead Yet
The mass exploitation of Exchange Servers has been a wake-up call, and it will take all parties playing in concert for the industry to react, respond, and recover. March Madness is a jovial nickname for the third month of the year but in 2021, the cybersecurity industry felt the brunt of March madness for a reason other than basketball: mass exploitation of Microsoft Exchange Servers. Almost two months later, we re still living in the aftermath of this widespread incident.
Related Content:
On March 1, Huntress learned about new vulnerabilities that would offer an unauthorized actor full control of a Microsoft Exchange server. These vulnerabilities were not yet disclosed, but enterprise organizations and small- to medium-sized businesses were already being exploited. On March 2, Microsoft released its first security advisory, warning companies about these dangerous vulnerabilities. Unfortunately, it seemed Microsoft s initial announcement mi
Member Since: 9/28/2020
Author
Comments: 1
John Hammond is a Security Researcher at Huntress as well as a cybersecurity instructor, developer, red teamer, and CTF enthusiast. John is a former Department of Defense Cyber Training Academy curriculum developer and teacher for the Cyber Threat Emulation course, educating both civilian and military members on offensive Python, PowerShell, other scripting languages and the adversarial mindset. He personally developed training material and infosec challenges for events such as PicoCTF and the Capture the Packet competition at DEFCON US. John speaks at security conferences such as BsidesNoVA, to students at colleges such as the University of North Carolina Greensboro, and other events like the SANS Holiday Hack Challenge/KringleCon. He is an online YouTube personality showcasing programming tutorials, cyber security guides, and CTF video walkthroughs. John currently holds the following certifications: Security+, eJPT, eCPPT, CEH, PCAP,
minute read
Share this article:
The sophisticated threat is targeting Microsoft Exchange servers via ProxyLogon in a wave of fresh attacks against North American targets.
The Lemon Duck cryptocurrency-mining botnet has added the ProxyLogon group of exploits to its bag of tricks, targeting Microsoft Exchange servers.
That’s according to researchers at Cisco Talos, who said that the cybercrime group behind Lemon Duck has also added the Cobalt Strike attack framework into its malware toolkit and has beefed up anti-detection capabilities. On the latter front, it’s using fake domains on East Asian top-level domains (TLDs) to hide command-and-control (C2) infrastructure.
Security News In Review: PyInstaller, Cloud Frameworks, and Scripps (Oh My)
Community Chats Webinars Library Security News In Review: PyInstaller, Cloud Frameworks, and Scripps (Oh My) This new framework has backing from IBM, Microsoft, and Google. It’s called the Cloud Security Notification Framework (CSNF), and it’s trying to create a new open and standard way of delivering information. This is important because the old way is cumbersome and tedious. Currently, each of the big cloud platforms has its own methodology for passing on security information to logging and security platforms, leaving it to the vendors to find proprietary ways to translate that into a format that works for their tool. If it sounds confusing, that’s because it is. CSNF is relatively new, but they already have big customers like FedEx, Pfizer, and Goldman Sachs.
Reseller News
Join Reseller News
Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.Sign up now
The Microsoft Exchange Server hack: A timeline
Research shows plenty of unpatched systems remain. Here s how the attacks unfolded, from discovery of vulnerabilities to today s battle to close the holes. Credit: Dreamstime
On March 2, 2021 Microsoft detected multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server.
Over the next few days, over 30,000 organisations in the US were attacked as hackers used several Exchange vulnerabilities to gain access to email accounts and install web shell malware, giving the cyber criminals ongoing administrative access to the victims servers.