1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Microsoft Exchange ProxyShell is being exploited to mine crypto o

    From TechnologyDaily@1337:1/100 to All on Fri Feb 17 19:00:03 2023
    Microsoft Exchange ProxyShell is being exploited to mine crypto once again

    Date:
    Fri, 17 Feb 2023 18:48:18 +0000

    Description:
    Cryptominers are being deployed on vulnerable Microsoft Exchange servers again.

    FULL STORY ======================================================================

    Hackers are using known ProxyShell vulnerabilities to install cryptocurrency miners on vulnerable Microsoft Exchange servers, researchers have claimed.

    Cybersecurity experts from Morphisec observed unidentified attackers using ProxyShell (an umbrella term for multiple vulnerabilities that, when chained together, allow for remote code execution) to install XMRig on Microsoft Exchange servers.

    XMRig is one of the most popular cryptocurrency mining malware variants, generating the Monero (XMR) cryptocurrency for attackers. Monero is a popular choice among cybercriminals because of its privacy features and the fact that its almost impossible to trace. Hiding in plain sight

    Morphisec says that the vulnerabilities used in this campaign are CVE-2021-34473 and CVE-2021-34523. Both of these were discovered, and
    patched, two years ago. Therefore, the best way to protect against these attacks is to apply the fix to vulnerable endpoints .

    The attackers have also put in extra effort to make sure they remain hidden for as long as possible, the researchers said.

    Once the miner is set up, it will create a firewall rule, applied to all Windows Firewall profiles, to block all outgoing traffic. That way, the researchers continued, the IT teams and other defenders wont be notified of the breach in the system. Read more

    Windows and Linux servers turned into crypto miners


    This new Linux malware floods machines with cryptominers and DDoS bots


    Check out the best malware protection services right now

    Furthermore, the malware will wait at least 30 seconds between starting the mining process and creating the firewall rule, to evade triggering alarms
    from security tools that monitor process runtime behavior.

    Cryptocurrency miners wont destroy a computer, but as they take up almost all of the computing power, will render the device practically useless. Whats more, they could rake up enormous electricity bills for the computers owners.

    Morphisec also said that vulnerable Microsoft Exchange server owners shouldnt take the attack lightly, as after making their way into the network, theres nothing stopping the attackers from deploying any other form of malware.
    These are the best firewalls around

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/microsoft-exchange-proxyshell-is-being-exploite d-again


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)