Blog

Microsoft Exchange Servers Targeted By Hackers

May 13, 2022 | Blog

If you rely on a Microsoft Exchange server to handle email for your company, there is something you should be aware of. Recent research by security and analytics company Varonis has discovered that an affiliate of Hive ransomware has begun targeting Exchange servers that are vulnerable to ProxyShell security issues.

If the group in question finds a vulnerable server, they’ll install a variety of backdoors including Cobalt Strike beacon. That allows them to come back later and snoop around in your network for anything of value, steal administrator account credentials, make off with your company’s proprietary data, or encrypt your files and demand payment from you to get them back.

The exploited flaws are being tracked as CVE-2021-34473, CVE-2021-34523, and CVE-2021-31297. All 3 range in severity from 7.2 (high) to 9.8 (critical).

This group is hardly unique in exploiting these flaws.  They’ve been used by other hacker groups including Cuba, Babuk, BlackByte, Conti, and others.  The fact that the exploits seem to be growing in popularity among the hacking community is the most troubling aspect of the recent discovery.

Hive has been around since at least June of last year (2021) and the group has evolved considerably since they first appeared. That prompted the FBI to release a report detailing their activities and tactics to better prepare IT professionals for attacks the group might make against their organizations.

In October 2021, the Hive gang added Linus and Free BSD variants to their growing bank of tricks and they became one of the most active ransomware operations as measured by the frequency of their attacks.

Just last month, researchers operating out of Sentinel Labs discovered that the group is utilizing a new obfuscation technique in a bid to better mask the malicious payloads they introduce to infected networks.

All of this points to the fact that the Hive group is actively working to improve the efficiency and effectiveness of their attacks.  Stay vigilant and be on the alert for this group.  They’ve got a well deserved reputation for being dangerous.

FBI Program Tasked with Infrastructure Security Compromised

FBI Program Tasked with Infrastructure Security Compromised

The FBI program tasked with ensuring critical infrastructure security has been compromised by hackers, who now offer access to the program's data on the dark web. The breach was initially disclosed by Brian Krebs of Krebs on Security, who claims that the data was for...

Streamline Your Business with the Latest Smart Home Technology

Streamline Your Business with the Latest Smart Home Technology

Are you a business owner looking to get the most out of your Google smart home devices? If so, you're in luck! Google has enabled its Nest products and Android OS with the initial rollout of the Matter smart home standard. This means that businesses now have the...

Data Breach at Sequoia One Exposes Sensitive Customer Information

Data Breach at Sequoia One Exposes Sensitive Customer Information

What do you do when your most personal information has been compromised? This is likely the question that customers of Sequoia One asked themselves earlier this month as they were informed that the company had been hacked. Sequoia One specializes in the management of...

Cisco Reports Critical IP Phone Vulnerability

Cisco Reports Critical IP Phone Vulnerability

As a business owner, it's important to stay informed about potential vulnerabilities that could impact your organization. Recently, Cisco reported a critical vulnerability, tracked as CVE-2022-20968, affecting its IP Phone 7800 and 8800 Series. This new vulnerability...

Google Chrome Releases Two New Features

Google Chrome Releases Two New Features

Google Chrome is one of the more commonly used web browsers. Over the years, though, Chrome has gained a reputation for utilizing a large portion of a computer's memory. This can be a problem if you're running other resource-intensive tasks and don't want to slow...

Get a Free Consultation

 

Fill out the form below to receive a free consultation and learn how we can make your technology worry-free!

 

Contact Information

  • 39301 Badger Street, Suite 500
    Palm Desert, CA 9221
  • (760) 333-8523
  • info@icn.tech