Channel Futures

Security



Mass Microsoft Exchange Exploitation Prompts Cryptojacking Threat

  • Written by Edward Gately
  • April 13, 2021
Other attackers could install more harmful malware.

The mass Microsoft Exchange exploitation is still attracting malicious hackers, including an unknown attacker attempting to leverage what’s known as the ProxyLogon exploit.

That’s according to findings from the SophosLabs team, which was inspecting telemetry when it came across the unusual attack targeting a customer’s Exchange server.

Since the Microsoft Exchange exploitation, a range of threat actors have been targeting exploitable servers with a variety of malware, from webshells to ransomware. But those aren’t the only payloads directed at Exchange servers.

The unknown attacker has been trying to foist a malicious Monero cryptominer onto Exchange servers, with the payload hosted on a compromised Exchange server.

Cryptojacking infects computers and uses them to mine cryptocurrencies, usually without a user’s knowledge. The strain on computational resources can lead to slowdowns and crashes.

Different from Other Malware

Andrew Brandt is a principal researcher at Sophos.

“The threat of cryptojacking is pretty different than other malware,” he said. “What it comes down to is that a vulnerable server is running a cryptominer, earning money for the attacker while generating a greater than normal demand for computing power. This can slow down the server’s performance for non-cryptomining tasks, and could prematurely cause mechanical parts like fans or hard drives to fail as a result of the increased demand.”

Moreover, if a threat actor installs a cryptominer on a server without the owner’s knowledge, it represents a “sort of canary in the coal mine,” Brandt said.

“It means that any other attacker could (and possibly already did) install other malware that could be much more harmful,” he said. “At the very least, this attack in particular is one way to know for sure that the server has not been patched properly against the ProxyLogon vulnerability.”

Beyond Patching

In addition to patching these servers and checking that they are no longer vulnerable, the existence of this kind of attack speaks to the need for enterprises that operate on-premises server hardware to install endpoint protection software on those servers, Brandt said.

“These have become much more advanced in recent years and no longer have a detrimental effect on server performance they once might have,” he said. “And the protection they provide is essential not only to stopping this kind of attack, but the next one as well, when Microsoft discovers any other vulnerability of the same nature as ProxyLogon in the future. It also pays to block the domains used by cryptocurrency miners to upload their hashes or the computational product of their work. If the miner cannot upload the work to an attacker’s wallet, it prevents the attacker from receiving any of the benefit of that work.”

Microsoft Exchange Exploitation Attracts Broad Range of Threats

Oliver Tavakoli is CTO at Vectra.

“It stood to reason that the Microsoft Exchange server vulnerabilities would be leveraged toward a broad set of nefarious ends,” he said. “What makes this example interesting is that having hacked into one such Exchange server, the attacker staged a cryptomining package on it and, when hacking into other Exchange servers, simply retrieved the package from the staged location. Firewalls are unlikely to block traffic between Exchange servers and may even give such traffic a pass in terms of content inspection, thus providing a good channel for delivery of dubious executables.”
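Brandt's advice to block mining domains and Tavakoli's point about uninspected server-to-server traffic both translate into an egress-log review. The sketch below is an added example, not code from Sophos, Vectra or the article; the log format, IP addresses, domain names, blocklist and file paths are all constructed placeholders.

```python
from urllib.parse import urlsplit

# Hypothetical environment details, constructed for this example.
EXCHANGE_SERVERS = {"10.0.5.20"}       # source IPs of on-premises Exchange hosts
INTERNAL_SUFFIX = ".corp.example"      # destinations under this suffix are internal
POOL_DOMAINS = {"pool.example"}        # placeholder mining-pool blocklist
RISKY_EXT = (".zip", ".exe", ".dll", ".ps1", ".bat")

# Constructed proxy log: timestamp src_ip method target status bytes
SAMPLE_LOG = """\
2021-04-12T09:14:02Z 10.0.5.20 GET https://autodiscover.corp.example/ews/exchange.asmx 200 5120
2021-04-12T09:15:40Z 10.0.5.20 GET http://mail.other-org.example/files/pkg.zip 200 482133
2021-04-12T09:16:05Z 10.0.5.20 CONNECT eu.pool.example:443 200 0
2021-04-12T09:16:30Z 10.0.7.44 GET http://mail.other-org.example/files/pkg.zip 200 482133
2021-04-12T09:17:00Z 10.0.5.20 CONNECT notpool.example:443 200 0
"""

def host_and_path(target):
    """Split a GET URL or a CONNECT host:port target into (host, path)."""
    parts = urlsplit(target if "://" in target else "//" + target)
    return (parts.hostname or "").lower(), parts.path.lower()

def in_blocklist(host, domains=POOL_DOMAINS):
    """Match the domain itself or any subdomain, on a label boundary only."""
    return any(host == d or host.endswith("." + d) for d in domains)

def review(log_text):
    """Return (line_no, reason, host) for suspicious egress from Exchange servers."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        fields = line.split()
        if len(fields) != 6:
            continue                   # skip malformed lines
        _ts, src, _method, target, status, _size = fields
        if src not in EXCHANGE_SERVERS:
            continue                   # this review is scoped to mail servers
        host, path = host_and_path(target)
        if host.endswith(INTERNAL_SUFFIX):
            continue
        if in_blocklist(host):
            findings.append((n, "mining-pool", host))
        elif status == "200" and path.endswith(RISKY_EXT):
            # A mail server pulling an archive or executable from an outside host
            findings.append((n, "executable-download", host))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

The label-boundary match keeps `notpool.example` from being treated as a subdomain of `pool.example`, which a plain suffix comparison would get wrong.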

Yaniv Bar-Dayan is CEO and co-founder of Vulcan Cyber.

“Unless you are OK with somebody living in your basement and not paying rent, or a neighbor torrenting on your Wi-Fi, you probably don’t want cryptominers running payloads on your Exchange server,” he said. “We’d recommend anybody running Exchange to scan for this vulnerability as soon as possible to identify and prioritize potential risk to your business from the ProxyLogon exploit.”

On Tuesday, Microsoft released patches for three versions of its Exchange server email and calendar software that companies use in on-premises data centers, according to CNBC. In addition, the federal government ordered all agencies to install them, warning the vulnerabilities being patched “pose an unacceptable risk to the federal enterprise and require an immediate and emergency action.”
