Security News > 2020 > October > Microsoft Exchange, Outlook Under Siege By APTs

New, sophisticated adversaries are switching up their tactics in exploiting enterprise-friendly platforms - most notably Microsoft Exchange, Outlook Web Access and Outlook on the Web - in order to steal business credentials and other sensitive data.
APTs Flock Exchange, OWA

One advanced persistent threat group that has been targeting Exchange and OWA is what researchers dub "BELUGASTURGEON".
This file exploits the CVE-2017-11774 Outlook vulnerability, a security-feature bypass vulnerability that affects Microsoft Outlook and enables attackers to execute arbitrary commands, researchers said.
Cybercriminals are also targeting services that support Exchange and OWA. For instance, client-access servers, which handle all client connections to Exchange Server 2010 and Exchange 2013, typically operate in web-login portals for services including OWA. Attackers with access to CAS may be able to deploy capabilities to steal user login credentials, researchers said.
Beyond malware, Microsoft is top of the heap when it comes to hacker impersonations - with Microsoft products and services featuring in nearly a fifth of all global brand phishing attacks in the third quarter of this year, according to Check Point researchers.
News URL
https://threatpost.com/microsoft-exchange-outlook-apts/160273/