BlackKingdom Targets Msoft Exchange- Experts Comment


Expert(s): Saryu Nayyar, Jorge Orchilles | Informationsecuritybuzz.com

This Sunday, security researcher Marcus Hutchins discovered that Microsoft Exchange servers are now being targeted by BlackKingdom ransomware. Hutchins, MalwareTechBlog on Twitter, tweeted his findings that a threat actor was compromising all vulnerable Exchange servers via the ProxyLogon vulnerability.

 

EXPERTS COMMENTS
Saryu Nayyar

| March 23, 2021

Saryu Nayyar, CEO, Gurucul

As long as there are still unpatched Microsoft Exchange servers accessible on the open internet, we will see attacks like this. The payloads may change depending on what the threat actor is after, but they will continue to leverage the vulnerabilities in Exchange Server until there aren’t any vulnerable hosts to exploit.

This series of attacks is a reminder of how important it is to maintain on-premises software with security patches, and to make sure the local environment is protected with an up-to-date security stack.

 

| March 23, 2021

Jorge Orchilles, CTO, SCYTHE

The trend of state actors and ransomware groups using the same exploits is common. We saw it with nation states using EternalBlue followed by WannaCry and NotPetya ransomware. When an exploit is new and relatively unknown, it is exploited by the more sophisticated groups that have access to it. As the exploit becomes more known, other groups focused on monetizing the exploit will begin to use it. Today, those groups focus on dropping ransomware after the initial access.

At this point, if there is an external facing Exchange server that has not been patched, it most likely has multiple threat actors fighting over access to leverage the access.
