Security News

It's looking like the exploitation of critical Exchange flaws that Microsoft revealed at the start of the month could be much worse than folks first suspected. An analysis by Slovak security shop ESET claims that six advanced criminal hacking groups, thought to have some level of state sponsorship, used the zero days to attack government and industry sites before the flaws were patched.

Intelligence agencies and cybersecurity researchers had been warning that unpatched Exchange Servers could open the pathway for ransomware infections in the wake of swift escalation of the attacks since last week. According to the latest reports, cybercriminals are leveraging the heavily exploited ProxyLogon Exchange Server flaws to install a new strain of ransomware called "DearCry."

Since Microsoft disclosed actively exploited Microsoft Exchange security vulnerabilities, known collectively as ProxyLogon, administrators and security researchers have been scrambling to protect vulnerable servers exposed on the Internet. The PoC provided enough information that security researchers and threat actors could use it to develop a functional remote code execution exploit for Microsoft Exchange servers.

One overriding concern has been when will ransomware actors use the vulnerabilities to compromise and encrypt mail servers. Last night our fears became a reality after ID-Ransomware creator Michael Gillespie revealed that the new DearCry Ransomware targeted Microsoft Exchange servers.

The operators of Lemon Duck, a cryptomining botnet that targets enterprise networks, are now using Microsoft Exchange ProxyLogon exploits in attacks against unpatched servers. Lemon Duck's ongoing attacks on vulnerable Exchange servers have already reached a massive scale, according to Costin Raiu, director of Kaspersky's Global Research and Analysis Team.

The UK's National Cyber Security Centre has reminded Brits to patch their Microsoft Exchange Server deployments against Hafnium attacks, 10 days after the US and wider infosec industry shouted the house down saying the same thing. The agency told press on Friday afternoon that it had proactively helped UK organisations fix around 2,100 affected mailservers following last week's out-of-band patches to resolve four zero-day vulnerabilities in Exchange Server.

Cybercriminals are now using compromised Microsoft Exchange servers as a foothold to deploy a new ransomware family called DearCry, Microsoft has warned. The ransomware is the latest threat to beleaguer vulnerable Exchange servers, emerging shortly after Microsoft issued emergency patches in early March for four Microsoft Exchange flaws.

In addition to state-sponsored threat actors, the recently disclosed vulnerabilities affecting Microsoft Exchange Server are now being targeted by ransomware operators. A total of four critical zero-day vulnerabilities that are collectively referred to as ProxyLogon were patched in Exchange Server at the beginning of this month, and activity surrounding the bugs has only intensified since.

Threat actors are now installing a new ransomware called 'DEARCRY' after hacking into Microsoft Exchange servers using the recently disclosed ProxyLogon vulnerabilities. Since Microsoft revealed earlier this month that threat actors were compromising Microsoft Exchange servers using new zero-day ProxyLogon vulnerabilities, a significant concern has been when threat actors would use it to deploy ransomware.

Threat actors are now installing a new ransomware called 'DEARCRY' after hacking into Microsoft Exchange servers using the recently disclosed ProxyLogon vulnerabilities. Since Microsoft revealed earlier this month that threat actors were compromising Microsoft Exchange servers using new zero-day ProxyLogon vulnerabilities, a significant concern has been when threat actors would use it to deploy ransomware.