Protecting Your Microsoft IIS Servers Against Malware Attacks

Recently, a slew of activity by the advanced persistent threat group Lazarus has focused on finding vulnerable Microsoft IIS servers and infecting them with malware or using them to distribute malicious code.
This article describes the details of the malware attacks and offers actionable suggestions for protecting Microsoft IIS servers against them.
Of particular note for security teams is that the vulnerabilities targeted for the initial breach in these attacks were commonly scanned-for, high-profile vulnerabilities, including Log4Shell, a vulnerability in the desktop VoIP solution 3CX, and a remote code execution vulnerability in the digital certificate solution MagicLine4NX.
Further Attacks Using IIS Servers to Distribute Malware
A further round of malware attacks involving Microsoft IIS servers targeted the financial security and integrity-checking software INISAFE CrossWeb EX. The program, developed by Initech, is vulnerable to code injection in version 3.3.2.41 or earlier.
All of this adds up to the conclusion that Lazarus actors are not only exploiting common vulnerabilities to compromise Microsoft IIS servers, but are then piggybacking off the trust that most systems place in these application servers to distribute malware via the compromised IIS servers.
As is evidenced by Lazarus' attacks, common vulnerabilities in web applications hosted on Microsoft IIS can be leveraged by adversaries to compromise the server, gain unauthorized access, steal data, or launch further attacks.
News URL
https://thehackernews.com/2023/09/protecting-your-microsoft-iis-servers.html