March 15, 2021

Ransomware Attacks Now Using Exchange Server Exploits

Proving once again that Microsoft is one of the most clueless tech companies: Ransomware now attacks Microsoft Exchange servers with ProxyLogon exploits

I won't revisit the Exchange Server problems that Microsoft has known about since early January. But because, like most bureaucracies, they hate to violate their own rules, instead of rushing out a fix for the vulnerabilities they decided to wait for March 9th, also known as Patch Tuesday. It wasn't fast enough.

Since Microsoft revealed earlier this month that threat actors were compromising Microsoft Exchange servers using new zero-day ProxyLogon vulnerabilities, a significant concern has been when threat actors would use it to deploy ransomware.

Unfortunately, tonight our fears became a reality, and threat actors are using the vulnerabilities to install the DearCry ransomware.

The attacks have been going on since THE BEGINNING of January.

When the whole series of events finally came to light, the response was, WTF was Microsoft thinking? I think it's clear that they were only thinking "How can we fit this into our regular schedule?" even though it should have been an "All Hands On Deck!" emergency. The sad thing is that I don't think MS will suffer much fallout from this. Everyone should abandon Exchange Server, but they won't.

All organizations are strongly advised to apply the patches as soon as possible and to create offline backups of their Exchange servers.

Our infrastructure is under attack. Literally. Microsoft is one of the companies that has built that infrastructure. Yet they don't seem to recognize that they need to take the attacks seriously.

If you're interested in a review of everything, up to but not including the deployment of ransomware, you can see Security Now - Episode 809. The relevant portion of the episode starts at the 1 hour, 14 minute, 50 second mark. The first 10 minutes or so should give you a decent overview of how big a problem this is.

The whole episode is interesting, but the section on the Exchange Server debacle is 40 minutes by itself. At that link, if you page down a bit, you will find a link to the show notes, which are useful.