• Email Us: [email protected]
  • Contact Us: +1 718 874 1545
  • Skip to main content
  • Skip to primary sidebar

Medical Market Report

  • Home
  • All Reports
  • About Us
  • Contact Us

Ransomware Gang Abuses ProxyShell Vulnerabilities To Hack Microsoft Exchange Server

August 27, 2021 by Eddie Worrell Leave a Comment

A group of ransomware gangs has exploited recently disclosed ProxyShell vulnerabilities to hack into Microsoft Exchange servers. The hackers, known as LockFile, have encrypted Windows domains. ProxyShell is the name given to an attack that comprises three chained Microsoft Exchange vulnerabilities. Because of these vulnerabilities, the hackers managed to do unauthenticated and remote code execution. Interestingly, the development comes close on the heels of Huntress warning about it. 140-plus web shells on Microsoft Exchange Server 2013, 2016, and 2019 were seen by the threat researcher. Huntress had uncovered found over 1,900 unpatched boxes in less than two days. Talking about it, Huntress threat hunter John Hammond had said that ransomware gangs were actively scanning for vulnerable Microsoft Exchange servers. “They were trying to abuse all the latest Microsoft Exchange vulnerabilities that the tech giant had patched in May 2021,” John Hammond said in a blog post. Huntress had alerted about it just five months after it alerted about the on-premises breach. Chinese state-sponsored hackers were behind it. At that time, Huntress had said that the scope and scale of the attack were much more than what was initially anticipated by Microsoft.

“Earlier in March this year, hackers were trying to attack on-premises Exchange servers as multiple zero-day exploits were witnessed by us. The scenario has not improved much since then. Vulnerabilities that have not been patched since then are not safe and therefore there are many chances of them being exploited,” said Hammond. The Elliott City, Maryland-headquartered Huntress had recommended that all latest security patches much be updated by MSPs. “Monitoring for any indications of compromise is important. Also, staying updated on new information as and when it is released is crucial to avoid any untoward incidents,” the blog post reads. Huntress had even promised to keep updating the blog with all the new updates as it gets them. Hammond said that vulnerabilities in ProxyShell are being exploited to install a backdoor. “These hackers would the backdoor for later access. The backdoor can be used to upload other programs and execute them.” LockFile gang then uses these things to take over a domain controller and ultimately the Windows domain. Things got more complicated as there was not much known about the LockFile ransomware operation. It was first seen in July but there was no particular branding.

Microsoft spokesperson had said that users who had applied for the latest updates are free from any kind of vulnerabilities. Meanwhile, experts are of the view that the Exchange server on-premise attack shows that the pace of cyber-attacks has increased. “This is frustrating as such incidents are a major problem for MSPs. This is a wake-up call millions of customers worldwide,” said Michael Goldstein, CEO of LAN Infotech. Cyber experts are recommending users to move to the cloud. Though they feel that even the cloud is not perfect, it manages to provide a lot of security when compared to on-premise Exchange servers. Also, the cloud needs very little attention. “The on-premises solutions require your regular attention as they need to be updated daily and weekly. This could be a tiresome task for many users and therefore it always leaves a space for exploitation. Also, it requires a lot of expertise to make things work properly,” he said. There are several service providers who are reaching out to their customers and asking them to shift to the cloud with Office 365. The only reason customers are sticking to on-premise Exchange servers is that it seems that the cost for hosting MSPs would be cheaper. “But this is not the case when you would consider all the vulnerabilities that come along,” an expert was quoted as saying.

Eddie Worrell
Eddie Worrell

Related posts:

  1. The Galaxy Fold screen replacement will cost around US$ 149
  2. Apple Opens All 270 Stores In US For First Time In Almost One Year
  3. Apple Introduces Long-Awaited AirTags Accessory For USD 29, Include U1 Chip For Precision Finding
  4. DirecTV Once Again A Standalone Company; Will Own And Run The AT&T TV, U-Verse

Filed Under: Technology

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

  • Scientists Studied “Chicago Rat Hole” – They Have Bad News, The South Atlantic’s Magnetic Field Weak Spot Is Growing, And Much More This Week
  • Could This Be The Real Reason Humans Survived And Neanderthals Died Out?
  • Newly Discovered Snail Species Named After Studio Ghibli Co-Founder Is A Hairy Beauty
  • 2025 SC79 Is The Second-Fastest Asteroid Ever Found – And Only The Second Within Venus’ Orbit
  • When Red Devil Spiders Arrived On A New Island, Their Genome Dramatically Shrank In Half
  • Is This The World’s Oldest Story? Ancient Human Tale About The Seven Sisters May Be From 100,000 BCE
  • This Pill Is Actually A Tiny Printer That Repairs Internal Injuries Using Biocompatible Ink
  • “This Is Amazing”: Scientists Have Found Evidence Of A Long-Lost World Deep Within The Earth
  • From The Shiniest World To Lava And Eternal Darkness, These Are The Weirdest Known Planets
  • Do Sharks Have Bones?
  • The Zombie Awakens: A Volcano Is Showing “First Signs” Of Unrest After 700,000 Years Of Quiet
  • Two Of The World’s Biggest Earthquakes Seem To Be Synched Together
  • California Has A New State Snake, And It’s A 1.6-Meter-Long Giant
  • Experimental Nanoparticle “Super-Vaccines” Stop Breast, Pancreatic, And Skin Cancers In Their Tracks
  • New Nightmare Fuel Unlocked: Watch The First Known Capture Of A Shrew By A False Widow Spider
  • Peculiar Glow In The Milky Way Might Be Dark Matter Signature
  • “I Was Scared To Death”: Missouri’s Great Cobra Scare Of 1953 Was Eventually Solved After 35 Years
  • Two Spacecraft To Fly Through Comet 3I/ATLAS’s Ion Tail – Will They Be Able To Catch Something?
  • Pioneering Heavy Water Detection Suggests Earth’s Water Might Be Older Than The Sun
  • PhD Students’ Groundbreaking New Technique Rescues JWST’s Highest Resolution Data
  • Business
  • Health
  • News
  • Science
  • Technology
  • +1 718 874 1545
  • +91 78878 22626
  • [email protected]
Office Address
Prudour Pvt. Ltd. 420 Lexington Avenue Suite 300 New York City, NY 10170.

Powered by Prudour Network

Copyrights © 2025 · Medical Market Report. All Rights Reserved.

Go to mobile version