Security News > 2023 > September > Protecting Your Microsoft IIS Servers Against Malware Attacks

Recently, a slew of activity by the advanced persistent threat group Lazarus has focused on finding vulnerable Microsoft IIS servers and infecting them with malware or using them to distribute malicious code.
This article describes the details of the malware attacks and offers actionable suggestions for protecting Microsoft IIS servers against them.
On a particular note, for security teams is that the vulnerabilities targeted in these attacks for the initial breach were commonly scanned for and high-profile vulnerabilities that included Log4Shell, a vulnerability in desktop VoIP solution 3CX, and a remote code execution vulnerability in the digital certificate solution MagicLine4NX. Further Attacks Using IIS Servers to Distribute Malware#.
A further round of malware attacks involving Microsoft IIS servers targeted the financial security and integrity-checking software, INISAFE CrossWeb EX. The program, developed by Initech, is vulnerable from version 3.3.2.41 or earlier to code injection.
All of this adds up to the conclusion that Lazarus actors are not only exploiting common vulnerabilities to compromise Microsoft IIS servers, but they are then piggy backing off the trust that most systems place in these application servers to distribute malware via compromised IIS servers.
As is evidenced by Lazarus' attacks, common vulnerabilities in web applications hosted on Microsoft IIS can be leveraged by adversaries to compromise the server, gain unauthorized access, steal data, or launch further attacks.
News URL
https://thehackernews.com/2023/09/protecting-your-microsoft-iis-servers.html
Related news
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware (source)
- Outlaw Group Uses SSH Brute-Force to Deploy Cryptojacking Malware on Linux Servers (source)
- Open-source malware doubles, data exfiltration attacks dominate (source)
- OPSEC Failure Exposes Coquettte’s Malware Campaigns on Bulletproof Hosting Servers (source)
- Microsoft fixes auth issues on Windows Server, Windows 11 24H2 (source)
- Fake Microsoft Office add-in tools push malware via SourceForge (source)
- New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner (source)
- Police detains Smokeloader malware customers, seizes servers (source)
- Microsoft Defender will isolate undiscovered endpoints to block attacks (source)
- Microsoft: Windows Server 2025 restarts break connectivity on some DCs (source)