Security News > 2020 > October > Microsoft Exchange, Outlook Under Siege By APTs

New, sophisticated adversaries are switching up their tactics in exploiting enterprise-friendly platforms - most notably Microsoft Exchange, Outlook Web Access and Outlook on the Web - in order to steal business credentials and other sensitive data.
APTs Flock Exchange, OWA
One advanced persistent threat group that has been targeting Exchange and OWA is what researchers dub "BELUGASTURGEON".
This file exploits the CVE-2017-11774 Outlook vulnerability, a security-feature bypass vulnerability that affects Microsoft Outlook and enables attackers to execute arbitrary commands, researchers said.
Cybercriminals are also targeting services that support Exchange and OWA. For instance, client-access servers, which handle all client connections to Exchange Server 2010 and Exchange 2013, typically operate in web-login portals for services including OWA. Attackers with access to CAS may be able to deploy capabilities to steal user login credentials, researchers said.
Beyond malware, Microsoft is top of the heap when it comes to hacker impersonations - with Microsoft products and services featuring in nearly a fifth of all global brand phishing attacks in the third quarter of this year, according to Check Point researchers.
News URL
https://threatpost.com/microsoft-exchange-outlook-apts/160273/