Microsoft Exchange ProxyShell is being exploited to mine crypto once again

Hackers are using known ProxyShell vulnerabilities to install cryptocurrency miners on vulnerable Microsoft Exchange servers, researchers h...

Hackers are using known ProxyShell vulnerabilities to install cryptocurrency miners on vulnerable Microsoft Exchange servers, researchers have claimed.

Cybersecurity experts from Morphisec observed unidentified attackers using ProxyShell (an umbrella term for multiple vulnerabilities that, when chained together, allow for remote code execution) to install XMRig on Microsoft Exchange servers.

XMRig is one of the most popular cryptocurrency mining malware variants, generating the Monero (XMR) cryptocurrency for attackers. Monero is a popular choice among cybercriminals because of its privacy features and the fact that it’s almost impossible to trace.

Hiding in plain sight

Morphisec says that the vulnerabilities used in this campaign are CVE-2021-34473 and CVE-2021-34523. Both of these were discovered, and patched, two years ago. Therefore, the best way to protect against these attacks is to apply the fix to vulnerable endpoints

The attackers have also put in extra effort to make sure they remain hidden for as long as possible, the researchers said. 

Once the miner is set up, it will create a firewall rule, applied to all Windows Firewall profiles, to block all outgoing traffic. That way, the researchers continued, the IT teams and other defenders won’t be notified of the breach in the system. 

Furthermore, the malware will wait at least 30 seconds between starting the mining process and creating the firewall rule, to evade triggering alarms from security tools that monitor process runtime behavior. 

Cryptocurrency miners won’t destroy a computer, but as they take up almost all of the computing power, will render the device practically useless. What’s more, they could rake up enormous electricity bills for the computers’ owners. 

Morphisec also said that vulnerable Microsoft Exchange server owners shouldn’t take the attack lightly, as after making their way into the network, there’s nothing stopping the attackers from deploying any other form of malware.

Via: BleepingComputer



from TechRadar - All the latest technology news https://ift.tt/MxD13ic
via IFTTT

COMMENTS

BLOGGER
Name

Apps,3858,Business,151,Camera,1155,Earn $$$,3,Gadgets,1741,Games,926,GTA,1,Innovations,3,Mobile,1697,Paid Promotions,5,Promotions,5,Sports,1,Technology,8106,Trailers,796,Travel,37,Trending,4,Trendly News,25335,TrendlyNews,110,Video,5,XIAOMI,13,YouTube - 9to5Google,109,
ltr
item
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: Microsoft Exchange ProxyShell is being exploited to mine crypto once again
Microsoft Exchange ProxyShell is being exploited to mine crypto once again
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
http://www.trendlynews.in/2023/02/microsoft-exchange-proxyshell-is-being.html
http://www.trendlynews.in/
http://www.trendlynews.in/
http://www.trendlynews.in/2023/02/microsoft-exchange-proxyshell-is-being.html
true
3372890392287038985
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy