Security News > 2023 > January > Rackspace ransomware attack was executed by using previously unknown security exploit
The MS Exchange exploit chain recently revealed by Crowdstrike researchers is how the Play ransomware gang breached the Rackspace Hosted Exchange email environment, the company confirmed last week.
"We will be sharing more detailed information with our customers and peers in the security community so that, collectively, we can all better defend against these types of exploits in the future," Rackspace noted in its final update on the concluded forensic investigation.
Customers attempting to connect to Rackspace's Hosted Exchange environment started having trouble on December 2, 2022, and soon enough the company confirmed that a security breach had taken place, due to a ransomware attack.
While the company is set to deliver within two weeks an on-demand solution for those customers who wish to download their archived data, there can be no going back to using the Rackspace Hosted Exchange service.
Customers who don't want to or can't migrate to Microsoft 365 - but still have faith in the company's security capabilities - have been pointed towards the Rackspace Email service.
Trend Micro researchers have documented Play ransomware's attack playbook in September 2022, but obviously the ransomware group's initial access capabilities have been improved with the use of this new Exchange exploit chain - and Rackspace suffered as a consequence.
News URL
Related news
- Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (source)
- Critical SonicWall SSLVPN bug exploited in ransomware attacks (source)
- New PIXHELL Attack Exploits LCD Screen Noise to Exfiltrate Data from Air-Gapped Computers (source)
- NoName ransomware gang deploying RansomHub malware in recent attacks (source)
- Security measures fail to keep up with rising email attacks (source)
- Port of Seattle hit by Rhysida ransomware in August attack (source)
- Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks (source)
- MFA bypass becomes a critical security issue as ransomware tactics advance (source)
- AutoCanada says ransomware attack "may" impact employee data (source)
- Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks (source)