Security News

A Tale of Two Hacks: From SolarWinds to Microsoft Exchange
2021-04-30 17:03

The past four months have exposed two high-profile attacks, both of which had pundits declaring them the "worst ever" and "unprecedented." They shared other similarities: both targeted businesses rather than individuals, and both affected tens of thousands of organizations. The second hack, against on-premises Microsoft Exchange servers, had a more familiar trajectory: attackers found a series of zero-day vulnerabilities that could be chained together to break into any internet-accessible Exchange server and steal the emails and files stored on it.

Hotbit cryptocurrency exchange down after hackers targeted wallets
2021-04-30 15:32

Cryptocurrency trading platform Hotbit has shut down all services for at least a week after a cyberattack that took down several of its services on Thursday evening. Hotbit assured its roughly 2 million registered users from over 210 countries that their cryptocurrency assets were "safe and secure."

Chase Bank Phish Swims Past Exchange Email Protections
2021-04-28 14:02

Threat actors are impersonating Chase Bank in two phishing attacks that can slip past Microsoft Exchange security protections in a bid to steal credentials from victims, by spoofing real-life customer scenarios. "These email attacks employed a gamut of techniques to get past traditional email security filters and pass the eye tests of unsuspecting end users," Kumar wrote.

Patched Exchange to head off Hafnium? You might only be halfway to safety
2021-04-27 07:00

If you're running Microsoft Exchange anywhere in your organisation and you're not extremely concerned about the threat from Hafnium, you haven't been paying attention this year. The Hafnium name refers both to the allegedly Chinese government-linked group that has emerged as the main driver behind a wave of attacks exploiting zero-day vulnerabilities in multiple versions of Exchange, and to the exploits and malware they are using to gain free rein over your systems.

Prometei Botnet Exploiting Unpatched Microsoft Exchange Servers
2021-04-23 08:00

Attackers are exploiting the ProxyLogon Microsoft Exchange Server flaws to co-opt vulnerable machines to a cryptocurrency botnet named Prometei, according to new research. "Prometei exploits the recently disclosed Microsoft Exchange vulnerabilities associated with the HAFNIUM attacks to penetrate the network for malware deployment, credential harvesting and more," Boston-based cybersecurity firm Cybereason said in an analysis summarizing its findings.

Botnet backdoors Microsoft Exchange servers, mines cryptocurrency
2021-04-22 19:30

Unpatched Microsoft Exchange servers are being targeted by the Prometei botnet and added to its operators' army of Monero cryptocurrency mining bots. Based on new malware samples Cybereason found during recent incident response engagements, the botnet has also been updated to exploit the Exchange Server vulnerabilities Microsoft patched in March.

Exchange Online down: Microsoft 365 outage affects email delivery
2021-04-22 15:40

A Microsoft 365 outage is preventing Exchange Online users from sending and receiving emails, with messages being stuck in transit and not reaching the recipients' inboxes. "We're investigating a potential issue with Exchange Online mailflow in North America," Microsoft shared on the company's Microsoft 365 Status Twitter account.

Monero-mining botnet targets orgs through recent MS Exchange vulnerabilities
2021-04-22 10:49

The recent Microsoft Exchange Server vulnerabilities might have initially been exploited by a government-backed APT group, but cybercriminals soon followed suit, using them to deliver ransomware and grow their botnet. One perpetrator of the latter activities is Prometei, a cross-platform, modular Monero-mining botnet that seems to have flown under the radar for years.

Who knew Uncle Sam had strike teams for SolarWinds, Exchange flaws? Well, anyway, they are disbanded
2021-04-19 22:28

The US government's response groups for dealing with recent SolarWinds and Microsoft Exchange vulnerabilities have reached the end of the road. In a statement on Monday, US Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger said the two Unified Coordination Groups formed in January and March respectively will be disbanded. The SolarWinds incident, disclosed last December and subsequently attributed to the Russian Foreign Intelligence Service, involved the hacking of SolarWinds' Orion IT management platform and is believed to have compromised at least nine federal agencies and about 100 private sector organizations.

Mandiant Front Lines: How to Tackle Exchange Exploits
2021-04-16 14:02

Matt Bromiley, senior principal consultant with Mandiant, offers checklists for how small- and medium-sized businesses can identify and remediate ProxyLogon compromises of on-premises Microsoft Exchange servers. From the checklist ("The Small-to-Medium Business Microsoft Exchange Checklist", "Is This Checklist for Me?"): the four vulnerabilities described in Microsoft's communications to date do not appear to affect Exchange Online or Office 365 services.
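Two of the items above make the same practical point: patching Exchange (the "halfway to safety" piece) does not tell you whether the server was already exploited, and Mandiant's checklist starts with identifying that. The script below is an added example, not code from Mandiant, Microsoft or any of the articles listed here. It triages exported Exchange HttpProxy CSV logs offline, using the indicator Microsoft published for the ProxyLogon SSRF entry point (CVE-2021-26855): an unauthenticated request (empty AuthenticatedUser) whose AnchorMailbox matches the pattern ServerInfo~*/*. The log excerpt is constructed, keeps only a subset of the real log's columns, and its hostnames and IPs are placeholders.

```python
"""Offline triage of exported Exchange HttpProxy logs for the ProxyLogon
SSRF indicator (AuthenticatedUser empty AND AnchorMailbox like ServerInfo~*/*),
as published by Microsoft for CVE-2021-26855.

Added example; the sample log below is constructed and trimmed to the
columns this check needs. Real HttpProxy logs carry many more columns.
"""
import csv

# Constructed sample. Real HttpProxy logs start with #Software, #Version,
# #Log-type and #Date comment lines, then a '#Fields:' line naming the
# CSV columns, then one row per proxied request.
SAMPLE_LOG = """\
#Software: Microsoft Exchange Server
#Version: 15.01.2176.009
#Log-type: HttpProxy Logs
#Date: 2021-03-03T00:00:00.000Z
#Fields: DateTime,UrlStem,AuthenticatedUser,AnchorMailbox,ClientIpAddress,HttpStatus
2021-03-03T01:12:09.001Z,/owa/auth/logon.aspx,,,198.51.100.7,200
2021-03-03T01:12:10.442Z,/ecp/y.js,,ServerInfo~exchange.example.test/autodiscover/autodiscover.xml,203.0.113.5,500
2021-03-03T01:12:11.117Z,/ecp/y.js,,ServerInfo~exchange.example.test/ecp/proxyLogon.ecp,203.0.113.5,200
2021-03-03T01:13:01.900Z,/owa/,CONTOSO\\jsmith,jsmith@example.test,192.0.2.44,200
2021-03-03T01:14:22.003Z,/owa/,,ServerInfo~exchange.example.test,203.0.113.5,200
2021-03-03T01:14:30.500Z,/ecp/DDI/DDIService.svc/SetObject,,ServerInfo~exchange.example.test/ecp/DDI/DDIService.svc/SetObject,203.0.113.5,200
"""

SERVERINFO_PREFIX = "ServerInfo~"


def parse_httpproxy_log(text):
    """Return one dict per data row. Comment lines are skipped except for
    '#Fields:', which supplies the column names, as in the real format."""
    fields = None
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = [f.strip() for f in line[len("#Fields:"):].split(",")]
            continue
        if fields is None:
            raise ValueError("data row encountered before the #Fields: header")
        values = next(csv.reader([line]))
        rows.append(dict(zip(fields, values)))
    return rows


def is_proxylogon_ssrf_hit(row):
    """Microsoft's indicator: no authenticated user, yet HttpProxy resolved an
    AnchorMailbox of the form ServerInfo~<host>/<path>. The slash matters:
    the published wildcard is 'ServerInfo~*/*', so a bare ServerInfo~<host>
    value (row 5 in the sample) does not match."""
    if row.get("AuthenticatedUser", "") != "":
        return False
    anchor = row.get("AnchorMailbox", "")
    if not anchor.startswith(SERVERINFO_PREFIX):
        return False
    return "/" in anchor[len(SERVERINFO_PREFIX):]


def find_ssrf_hits(text):
    """All rows in an exported log that match the indicator."""
    return [r for r in parse_httpproxy_log(text) if is_proxylogon_ssrf_hit(r)]


def summarize_by_client(hits):
    """Group hits by source IP: how many SSRF requests each client sent,
    when, and which backend paths it reached. The reached paths scope the
    next step, checking the server for web shells the requests may have
    dropped, which patching alone never removes."""
    summary = {}
    for r in hits:
        host_and_path = r["AnchorMailbox"][len(SERVERINFO_PREFIX):]
        target = "/" + host_and_path.split("/", 1)[1]
        entry = summary.setdefault(
            r["ClientIpAddress"],
            {"count": 0, "targets": set(), "first": r["DateTime"], "last": r["DateTime"]},
        )
        entry["count"] += 1
        entry["targets"].add(target)
        # ISO-8601 timestamps with a fixed format compare correctly as strings.
        entry["first"] = min(entry["first"], r["DateTime"])
        entry["last"] = max(entry["last"], r["DateTime"])
    return summary


if __name__ == "__main__":
    for ip, info in summarize_by_client(find_ssrf_hits(SAMPLE_LOG)).items():
        print(f"{ip}: {info['count']} SSRF hit(s) {info['first']} .. {info['last']}")
        for t in sorted(info["targets"]):
            print(f"    reached {t}")
```

Point the script at the CSV files exported from the server's HttpProxy logging directory (one file per role and day). Two caveats a responder should keep in mind: a clean result only covers the retention window of those logs, since they roll over and an attacker with a shell on the box can also delete them; and a hit means exploitation was attempted, so the follow-up is the rest of the checklist (web shell hunting, credential reset, lateral-movement review), not just confirming the March patches are installed.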