Security News > 2023 > September > Protecting Your Microsoft IIS Servers Against Malware Attacks

Recently, a slew of activity by the advanced persistent threat group Lazarus has focused on finding vulnerable Microsoft IIS servers and infecting them with malware or using them to distribute malicious code.

This article describes the details of the malware attacks and offers actionable suggestions for protecting Microsoft IIS servers against them.

On a particular note, for security teams is that the vulnerabilities targeted in these attacks for the initial breach were commonly scanned for and high-profile vulnerabilities that included Log4Shell, a vulnerability in desktop VoIP solution 3CX, and a remote code execution vulnerability in the digital certificate solution MagicLine4NX. Further Attacks Using IIS Servers to Distribute Malware#.

A further round of malware attacks involving Microsoft IIS servers targeted the financial security and integrity-checking software, INISAFE CrossWeb EX. The program, developed by Initech, is vulnerable from version 3.3.2.41 or earlier to code injection.

All of this adds up to the conclusion that Lazarus actors are not only exploiting common vulnerabilities to compromise Microsoft IIS servers, but they are then piggy backing off the trust that most systems place in these application servers to distribute malware via compromised IIS servers.

As is evidenced by Lazarus' attacks, common vulnerabilities in web applications hosted on Microsoft IIS can be leveraged by adversaries to compromise the server, gain unauthorized access, steal data, or launch further attacks.

News URL

https://thehackernews.com/2023/09/protecting-your-microsoft-iis-servers.html