Disastrous security hole at Microsoft: Experts warn of the "Lemon_Duck Cryptominer"


The recently discovered security flaws in Microsoft's email software Exchange are reportedly also being exploited by cryptominers. In particular, unpatched company servers are apparently targeted.

Experts believe that the security gaps in Microsoft's Exchange communications system are increasingly being used by hackers to blackmail their victims. Security expert Rüdiger Trost of the Finnish software company F-Secure told the German press agency this. The Federal Office for Information Security (BSI) had previously issued its highest alert level.

Microsoft also sees the risk of blackmail and therefore urges its customers to install the existing updates that close the gaps. "This second attack wave is aimed at profit, and the attackers are cybercriminals, not state actors," said Microsoft manager Tom Burt in the "Frankfurter Allgemeine Zeitung".

Security expert Trost said: "As blackmail software and cryptominers are increasingly a threat, companies must act now. They not only risk that information is stolen from their mail server, but also that it will be encrypted, which will cause further costs later." Cryptominers are programs that mine cryptocurrencies. The victims are harmed by the computing power consumed and the additional electricity costs.

The cybercriminals behind the #LemonDuck cryptocurrency mining botnet are massively hitting vulnerable Exchange servers via ProxyLogon. IOCs to check: p.estonine[.]com, cdn.chatcdn[.]net.

- Costin Raiu (@craiu) March 12, 2021
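The tweet above lists two defanged domains as indicators of compromise. A defender's first step is to refang them and look for lookups of those domains (or of any of their subdomains, without matching unrelated parent or look-alike domains) in DNS or proxy logs. The following is an added example, not code from the article or from Costin Raiu; it assumes a simple plain-text DNS query log, and the log lines embedded in it are constructed for illustration.

```python
import re

# Indicators as given in the tweet, in defanged form.
DEFANGED_IOCS = ["p.estonine[.]com", "cdn.chatcdn[.]net"]

# Matches a hostname-like token: one or more labels followed by an alphabetic TLD.
# Dotted IPv4 addresses do not match because their last label is numeric.
DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.IGNORECASE)

# Constructed sample log: timestamp, client IP, query type, queried name.
SAMPLE_DNS_LOG = [
    "2021-03-12T08:14:01Z 10.0.0.21 query A mail.example.test",
    "2021-03-12T08:14:07Z 10.0.0.21 query A p.estonine.com",
    "2021-03-12T08:14:09Z 10.0.0.21 query A update.cdn.chatcdn.net",
    "2021-03-12T08:15:30Z 10.0.0.33 query A chatcdn.net",
    "2021-03-12T08:16:00Z 10.0.0.40 query A estonine.com.example.test",
]


def refang(ioc: str) -> str:
    """Turn a defanged indicator back into a usable domain name."""
    return ioc.replace("[.]", ".").replace("hxxp", "http").strip().lower()


def ioc_domains(defanged: list[str]) -> set[str]:
    """Build the set of refanged, lower-cased IOC domains."""
    return {refang(d) for d in defanged}


def matches_ioc(hostname: str, iocs: set[str]) -> bool:
    """True if hostname is an IOC domain or a subdomain of one.

    Matching on label boundaries avoids false positives such as the
    parent 'chatcdn.net' or a look-alike like 'estonine.com.example.test'.
    """
    host = hostname.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in iocs)


def scan_log(lines: list[str], iocs: set[str]) -> list[tuple[int, str]]:
    """Return (line number, hostname) for every log line that touches an IOC."""
    hits = []
    for lineno, line in enumerate(lines, start=1):
        for host in DOMAIN_RE.findall(line):
            if matches_ioc(host, iocs):
                hits.append((lineno, host))
                break  # one hit per line is enough for triage
    return hits


if __name__ == "__main__":
    for lineno, host in scan_log(SAMPLE_DNS_LOG, ioc_domains(DEFANGED_IOCS)):
        print(f"line {lineno}: lookup of IOC domain {host}")
```

Run against a real export, the same `scan_log` function takes any iterable of log lines; the subdomain rule is what catches the `update.cdn.chatcdn.net` lookup while leaving the unrelated `chatcdn.net` query alone.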

"Lemon_Duck": Botnet has already done a lot of damage in the past

As Bleeping Computer reports, the attacks come from the operators of Lemon_Duck. This is a cryptomining botnet that particularly targets unpatched servers in corporate networks. The criminals install mining software on infected devices so that cryptocurrency can be "mined" there.

According to Bleeping Computer's report, the Lemon_Duck attacks have already done a lot of damage in the past. So-called brute-force attacks, for example, were used to gain access to victims' networks. Coronavirus-themed spam campaigns by the botnet have also been recorded.

Apparently, tens of thousands of companies have already been compromised by attacks by Lemon_Duck - more precise figures are not yet available.

Federal authorities are victims of hacker attacks because of Microsoft's security vulnerability

In the past few weeks, Microsoft has discovered several malicious programs that exploited recently disclosed security holes in its Exchange e-mail system. The company published security updates that are meant to close the gaps; however, customers must install the updates themselves.

The organizations affected by the hacker attacks also include eight federal authorities, among them the Paul Ehrlich Institute in Langen, the German Federal Institute for Vaccines and Biomedicines. Trost pointed out that documents about the coronavirus vaccine from Biontech and Pfizer were stolen in a cyberattack on the European Medicines Agency (EMA) in December. "The current attack on the Paul Ehrlich Institute is therefore not surprising. Vaccine data are simply a very attractive target for state intelligence services during a pandemic."
