LockFile ransomware hits via Exchange hack


A new ransomware operator is taking over Windows domains on networks around the world after exploiting a chain of Microsoft Exchange server vulnerabilities called ProxyShell.

The LockFile ransomware gang has taken advantage of the Microsoft Exchange ProxyShell and Windows PetitPotam vulnerabilities to hijack Windows domains and encrypt devices, security researcher Kevin Beaumont reported Saturday. More technical details were recently disclosed on the ProxyShell flaws, which allowed security researchers and threat actors to reproduce the exploit, BleepingComputer said.

“These vulnerabilities are worse than ProxyLogon, the Exchange vulnerabilities revealed in March – they are more exploitable, and organisations largely haven’t patched,” Beaumont wrote in a blog post. “They are pre-authenticated (no password required) remote code execution vulnerabilities, which is as serious as they come.”

Microsoft didn’t immediately respond to a CRN US request for comment Monday. The Redmond, Wash.-based software giant told CRN US on Friday that customers who’ve applied the latest Microsoft updates are already protected against the ProxyShell vulnerabilities.

When breaching a network, adversaries like LockFile will first access the on-premise Microsoft Exchange server using the ProxyShell flaws. From there, LockFile uses the incompletely patched PetitPotam vulnerability to gain access to the domain controller and then spread across the network, Symantec reported Friday. Once hackers control the Windows domain, it’s easy for them to deploy ransomware.

LockFile was first observed on the network of a U.S. financial organization on July 20, with its latest activity seen as recently as Friday, Symantec wrote in a blog post. Victims of LockFile are primarily based in the United States and Asia, and can be found in verticals such as manufacturing, financial services, engineering, legal, business services, and travel and tourism, according to Symantec.

“New surge in Microsoft Exchange server exploitation underway,” Rob Joyce, director of cybersecurity at the National Security Agency (NSA), wrote at Twitter at 6:58 a.m. USET Saturday. “You must ensure you are patched and monitoring if you are hosting an instance.”

Huntress has observed 164 vulnerable Exchange servers get compromised between Thursday and Sunday, with 13 of those exploitations taking place over the weekend, according to John Hammond, senior security researcher for the managed detection and response (MDR) vendor. Hammond first warned Thursday that attackers were scanning for vulnerable Exchange servers.

“Of the original 1,900 vulnerable Exchange servers from Friday night, we still see 1,764 that are unpatched as of right now,” Hammond wrote in an update at 8:24 p.m. USET Sunday. “This is fairly concerning since we are starting to see active post-exploitation behavior that includes coinminers and ransomware.”

When analyzing one host that was compromised with both ProxyShell and LockFile ransomware, Huntress uncovered a unique configuration it hadn’t seen before for ProxyShell activity, Hammond said. Specifically, the configuration file for the Exchange internet service was modified to include a new “virtual directory,” which essentially redirects one URL endpoint to another location on the filesystem.

“This allows a threat actor to hide a webshell in other uncommon and nonstandard locations, outside of the typically monitored ASP directories,” Hammond wrote in an update at 10:53 a.m. USET Monday. “If you don’t know to look for this, this is going to slip under the radar and the hackers will persist in the target environment.”
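One way a defender could audit for the virtual-directory remapping Hammond describes is sketched below; it is an added example, not code from Huntress or from this article. It assumes the modified file is IIS's applicationHost.config, and the allowlisted roots, the sample configuration and every path in it are constructed for illustration.

```python
import ntpath
import re
import xml.etree.ElementTree as ET

# Assumed baseline of content roots for this host; adjust to your own install paths.
EXPECTED_ROOTS = [
    r"C:\inetpub\wwwroot",
    r"C:\Program Files\Microsoft\Exchange Server\V15",
]

# Constructed sample in the layout of IIS applicationHost.config (not from a real host).
SAMPLE_CONFIG = r"""
<configuration><system.applicationHost><sites>
  <site name="Default Web Site" id="1">
    <application path="/" applicationPool="DefaultAppPool">
      <virtualDirectory path="/" physicalPath="%SystemDrive%\inetpub\wwwroot" />
    </application>
    <application path="/owa" applicationPool="MSExchangeOWAAppPool">
      <virtualDirectory path="/"
        physicalPath="C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa" />
      <virtualDirectory path="/constructed-alias" physicalPath="C:\ProgramData\Constructed\Cache" />
    </application>
    <application path="/ecp" applicationPool="MSExchangeECPAppPool">
      <virtualDirectory path="/" physicalPath="C:\inetpub\wwwroot\..\..\Users\Public\constructed" />
    </application>
  </site>
</sites></system.applicationHost></configuration>
"""


def normalize(path, env):
    """Expand %VAR% (case-insensitive), collapse '..' segments, and case-fold."""
    expanded = re.sub(r"%(\w+)%", lambda m: env.get(m.group(1).lower(), m.group(0)), path)
    return ntpath.normcase(ntpath.normpath(expanded))


def find_unexpected_vdirs(config_xml, expected_roots=EXPECTED_ROOTS, env=None):
    """Return (site, url_path, physicalPath) for vdirs mapped outside expected roots."""
    env = env or {"systemdrive": "C:"}
    roots = [normalize(r, env) for r in expected_roots]
    findings = []
    for site in ET.fromstring(config_xml.strip()).iter("site"):
        for app in site.iter("application"):
            for vdir in app.iter("virtualDirectory"):
                raw = vdir.get("physicalPath", "")
                physical = normalize(raw, env)
                # Compare on a path-segment boundary so "C:\inetpub\wwwroot2" is not trusted.
                if not any(physical == r or physical.startswith(r + "\\") for r in roots):
                    url = app.get("path", "/").rstrip("/") + vdir.get("path", "/")
                    findings.append((site.get("name"), url, raw))
    return findings


if __name__ == "__main__":
    for site, url, physical in find_unexpected_vdirs(SAMPLE_CONFIG):
        print(f"[!] {site}: {url} -> {physical}")
```

Each finding is a lead for review rather than proof of compromise; comparing the file against a known-good copy or backup shows whether a flagged mapping is new.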

Many U.S. government systems remain unpatched for ProxyShell, with hundreds of internet-facing systems with *.gov SSL certificate hostnames still directly exploitable, Beaumont wrote Saturday. Beaumont – who left Microsoft in April – criticized the company for downplaying the importance of the ProxyShell patches and for not compensating researchers who discover flaws in on-premise Exchange.

“Ask Microsoft to talk about threats against their own products as they would with other vendor’s products,” Beaumont wrote in his blog post. “During this period, Microsoft have [sic] been openly detailing how to exploit vulnerabilities in other vendor’s products, but have completely failed to deal with their own problems.”

David Stinner, president of US itek, a Buffalo, New York MSP, said the new LockFile ransomware attacks using ProxyShell vulnerabilities are yet another sign that business owners need to upgrade old technology and move to the cloud.

“This proves to business owners they can’t sit on this old technology and run it for years and years like they did in the pre-ransomware landscape,” he said. “MSPs need to be on alert to find these vulnerabilities and patch their customers to prevent ransomware.”

The problem is many business owners are not willing to pay more for cybersecurity protection, said Stinner. “Business owners are notoriously cheap and don’t understand the critical nature of IT systems in operating their business,” he said. “MSPs need to put all their customers on SIEM (Security Information and Event Management) monitoring with a 24 hour SOC (Security Operations Center) to be able to react before they are ransomed and critical customer data is lost or breached.”

Stinner said staying on premise begs the question of who has more resources to bring to bear to secure customer email: Microsoft or MSPs themselves?

“Of course, it is Microsoft,” he said. “They provide a whole different level of protection than MSPs could with an on-premise Exchange server, which is the responsibility of the customer or the MSP to update with patches.”

Additional reporting by Steven Burke
