Security News > 2022 > December > The Week in Ransomware - December 23rd 2022 - Targeting Microsoft Exchange
Reports this week illustrate how threat actors consider Microsoft Exchange as a prime target for gaining initial access to corporate networks to steal data and deploy ransomware.
CrowdStrike researchers reported this week that the Play ransomware operation utilized a new Microsoft Exchange attack dubbed 'OWASSRF' that chained exploits for CVE-2022-41082 and CVE-2022-41080 to gain initial access to corporate networks.
Play ransomware threat actors are using a new exploit chain that bypasses ProxyNotShell URL rewrite mitigations to gain remote code execution on vulnerable servers through Outlook Web Access.
The Vice Society ransomware operation has switched to using a custom ransomware encrypt that implements a strong, hybrid encryption scheme based on NTRUEncrypt and ChaCha20-Poly1305.
The notorious FIN7 hacking group uses an automated attack system that exploits Microsoft Exchange and SQL injection vulnerabilities to breach corporate networks, steal data, and select targets for ransomware attacks based on financial size.
Ransomware Roundup - Play Ransomware That's it for this week! Hope everyone has a nice holiday and we will return after the new year!
News URL
Related news
- Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks (source)
- Ransomware gang using stolen Microsoft Entra ID creds to bust into the cloud (source)
- Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts (source)
- Microsoft says more ransomware stopped before reaching encryption (source)
- Microsoft: Ransomware Attacks Growing More Dangerous, Complex (source)
- Black Basta ransomware poses as IT support on Microsoft Teams to breach networks (source)
- Microsoft Exchange adds warning to emails abusing spoofing flaw (source)
- Microsoft pulls Exchange security updates over mail delivery issues (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-11-09 | CVE-2022-41080 | Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Elevation of Privilege Vulnerability | 8.8 |
2022-10-03 | CVE-2022-41082 | Deserialization of Untrusted Data vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Remote Code Execution Vulnerability | 8.0 |