• Email Us: [email protected]
  • Contact Us: +1 718 874 1545
  • Skip to main content
  • Skip to primary sidebar

Medical Market Report

  • Home
  • All Reports
  • About Us
  • Contact Us

Ransomware Gang Abuses ProxyShell Vulnerabilities To Hack Microsoft Exchange Server

August 27, 2021 by Eddie Worrell Leave a Comment

A group of ransomware gangs has exploited recently disclosed ProxyShell vulnerabilities to hack into Microsoft Exchange servers. The hackers, known as LockFile, have encrypted Windows domains. ProxyShell is the name given to an attack that comprises three chained Microsoft Exchange vulnerabilities. Because of these vulnerabilities, the hackers managed to do unauthenticated and remote code execution. Interestingly, the development comes close on the heels of Huntress warning about it. 140-plus web shells on Microsoft Exchange Server 2013, 2016, and 2019 were seen by the threat researcher. Huntress had uncovered found over 1,900 unpatched boxes in less than two days. Talking about it, Huntress threat hunter John Hammond had said that ransomware gangs were actively scanning for vulnerable Microsoft Exchange servers. “They were trying to abuse all the latest Microsoft Exchange vulnerabilities that the tech giant had patched in May 2021,” John Hammond said in a blog post. Huntress had alerted about it just five months after it alerted about the on-premises breach. Chinese state-sponsored hackers were behind it. At that time, Huntress had said that the scope and scale of the attack were much more than what was initially anticipated by Microsoft.

“Earlier in March this year, hackers were trying to attack on-premises Exchange servers as multiple zero-day exploits were witnessed by us. The scenario has not improved much since then. Vulnerabilities that have not been patched since then are not safe and therefore there are many chances of them being exploited,” said Hammond. The Elliott City, Maryland-headquartered Huntress had recommended that all latest security patches much be updated by MSPs. “Monitoring for any indications of compromise is important. Also, staying updated on new information as and when it is released is crucial to avoid any untoward incidents,” the blog post reads. Huntress had even promised to keep updating the blog with all the new updates as it gets them. Hammond said that vulnerabilities in ProxyShell are being exploited to install a backdoor. “These hackers would the backdoor for later access. The backdoor can be used to upload other programs and execute them.” LockFile gang then uses these things to take over a domain controller and ultimately the Windows domain. Things got more complicated as there was not much known about the LockFile ransomware operation. It was first seen in July but there was no particular branding.

Microsoft spokesperson had said that users who had applied for the latest updates are free from any kind of vulnerabilities. Meanwhile, experts are of the view that the Exchange server on-premise attack shows that the pace of cyber-attacks has increased. “This is frustrating as such incidents are a major problem for MSPs. This is a wake-up call millions of customers worldwide,” said Michael Goldstein, CEO of LAN Infotech. Cyber experts are recommending users to move to the cloud. Though they feel that even the cloud is not perfect, it manages to provide a lot of security when compared to on-premise Exchange servers. Also, the cloud needs very little attention. “The on-premises solutions require your regular attention as they need to be updated daily and weekly. This could be a tiresome task for many users and therefore it always leaves a space for exploitation. Also, it requires a lot of expertise to make things work properly,” he said. There are several service providers who are reaching out to their customers and asking them to shift to the cloud with Office 365. The only reason customers are sticking to on-premise Exchange servers is that it seems that the cost for hosting MSPs would be cheaper. “But this is not the case when you would consider all the vulnerabilities that come along,” an expert was quoted as saying.

Eddie Worrell
Eddie Worrell

Related posts:

  1. The Galaxy Fold screen replacement will cost around US$ 149
  2. Apple Opens All 270 Stores In US For First Time In Almost One Year
  3. Apple Introduces Long-Awaited AirTags Accessory For USD 29, Include U1 Chip For Precision Finding
  4. DirecTV Once Again A Standalone Company; Will Own And Run The AT&T TV, U-Verse

Filed Under: Technology

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

  • Why Do Your Towels Dry You Better When They’re Older?
  • “She Would See That Face Morph Into The Face Of A Dragon”: Strange Tales From Neuroscience At CURIOUS Live
  • A Giant Mountain Range Has Been Hidden Under Antarctica’s Ice For Millions Of Years
  • Why Did Ancient Silver Coins Have Owls On Them?
  • Ancient Humans May Have Survived In Isolated Northern Scotland During Extreme Cooling 12,000 Years Ago
  • In The Year 536 CE, A Truly Miserable Period Of Human History Began
  • Why Is The Uncanny Valley So Frightening? And What One Frowny Robot Is Doing To Overcome It
  • 5-Million-Year-Old Antarctic Ice Core Contains Sample Of Air From The Pliocene Epoch
  • Flamingos Make Tiny Tornadoes In Water To Trap Their Prey
  • Off The Coast Of California Strange And Regular Circular Structures Line The Ocean Floor
  • Jupiter’s Aurorae Change Faster Than Previously Thought – But There’s Something Even Odder Going On
  • US Measles Cases Pass 1,000, Speeding Towards Worst Outbreaks Since 2019
  • UMa3/U1: Is This The Smallest Galaxy Ever Discovered, Or Something Else?
  • A Flying Car That Can Reach Over 155 MPH In Air Might Come To Market In 2026
  • World-First 3D-Printed Skin Robot Aims To Help Burn Patients In Australia
  • Dramatic Video Shows “First-Ever” Fault Movement Surface Rupture Caught On Camera
  • Migraine Drug Could Be First To Treat Symptoms That Come Before The Headache
  • You’re Not Actually Supposed To Rinse Your Mouth After Brushing Your Teeth
  • 170 Years On, Thoreau’s Detailed Diaries Have A Lot To Teach Us About The Seasons
  • Obsidian Blades At The Main Aztec Temple Came From Enemy Territory
  • Business
  • Health
  • News
  • Science
  • Technology
  • +1 718 874 1545
  • +91 78878 22626
  • [email protected]
Office Address
Prudour Pvt. Ltd. 420 Lexington Avenue Suite 300 New York City, NY 10170.

Powered by Prudour Network

Copyrights © 2025 · Medical Market Report. All Rights Reserved.

Go to mobile version