独家
微软交换受到攻击LockFile ransomware目标服务器
安全研究人员声称,他们已经发现了一种新的ransomware家庭称为LockFile似乎相同的攻击早些时候使用Microsoft Exchange服务器在美国和亚洲。
-
BSNL名字六个官员被迫退休
强制退休的军官派是印度电信服务(其)干部分批从1988年到1992年。
-
-
-
安全研究人员声称,他们已经发现了一种新的ransomware家庭LockFile这似乎相同的早些时候被攻击微软交换服务器在美国和亚洲。根据赛门铁克以前看不见的ransomware了至少10家公司正在进行的活动。这些目标是各个行业。
的LockFile ransomware首次观察到网络上的美国金融机构7月20日,2021年,其最新的活动视为在8月20日。
新的攻击是如何工作的
根据赛门铁克,有迹象表明攻击者获得通过受害者的网络微软交换服务器,然后使用不完全修补PetitPotam容易访问域控制器,然后蔓延至整个网络。这是到目前为止不清楚攻击者获得初始访问Microsoft Exchange服务器。根据美国网络安全、基础设施安全机构(CISA),“恶意网络演员正在积极利用以下ProxyShell 漏洞:cve cve - 2021 - 34473 - 2021 - 34523,和cve - 2021 - 31207。攻击者利用这些漏洞可能脆弱的机器上执行任意代码。中钢协强烈敦促立即组织识别脆弱系统网络和应用从2021年5月——微软的安全更新纠正所有三个ProxyShell漏洞防范这些攻击。”
根据这份报告,通常大约20到30分钟之前部署ransomware,袭击者安装一套工具到妥协交换服务器。这些包括:
cve - 2021 - 36942的利用漏洞(又名PetitPotam)。从https://github.com/zcgonvh/EfsPotato似乎被复制的代码。这是在一个文件名为“efspotato.exe”。
两个文件:active_desktop_render。dll和active_desktop_launcher.exe
然而,加密shellcode很有可能激活efspotato。exe文件,利用PetitPotam脆弱性。在8月微软的补丁修补周二发布,但随后出现,据报道发布的修复不完全修补漏洞。
攻击的公司包括那些在制造、金融服务、工程、法律、业务服务、旅行和旅游业。
![\"Microsoft](\"https:\/\/st.etb2bimg.com\/Themes\/Release\/images\/responsive\/ettelecom-default.jpg\")
Security researchers claim to have discovered a new ransomware family called LockFile<\/a> that seems to the same that was used earlier to attack Microsoft Exchange<\/a> servers in the US and Asia. According to Symantec<\/a>, previously unseen ransomware has hit at least 10 companies in the ongoing campaign. These targets are across industries.
The LockFile ransomware was first observed on the network of a US financial organisation on July 20, 2021, with its latest activity seen as recently as August 20.
How the new attack works<\/strong>
As per Symantec, there are signs that the attackers gain access to victims' networks via Microsoft<\/a> Exchange Servers, and then use the incompletely patched PetitPotam<\/a> vulnerability to gain access to the domain controller, and then spread across the network. It is so far not clear how the attackers gain initial access to the Microsoft Exchange Servers. As per US Cybersecurity and Infrastructure Security Agency (CISA), \"Malicious cyber actors are actively exploiting the following ProxyShell<\/a> vulnerabilities<\/a>: CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207. An attacker exploiting these vulnerabilities could execute arbitrary code on a vulnerable machine. CISA strongly urges organisations to identify vulnerable systems on their networks and immediately apply Microsoft's Security Update from May 2021\u2014which remediates all three ProxyShell vulnerabilities\u2014to protect against these attacks.\"
<\/div><\/div>The attackers behind this ransomware are said to use a ransom note with a similar design to that used by the LockBit ransomware gang and reference the Conti gang in the email address they use, contact@contipauper.com.
As per the report, typically around 20 to 30 minutes prior to deploying ransomware, the attackers install a set of tools onto the compromised Exchange Server. These include:
An exploit for the CVE-2021-36942 vulnerability (aka PetitPotam). The code appears to be copied from https:\/\/github.com\/zcgonvh\/EfsPotato. This is in a file called \u201cefspotato.exe\u201d.
Two files: active_desktop_render.dll and active_desktop_launcher.exe
The encrypted shellcode, however, very likely activates the efspotato.exe file that exploits PetitPotam vulnerability. It was patched in Microsoft\u2019s August Patch Tuesday release, but it subsequently emerged that the fix released reportedly did not fully patch the vulnerability.
The companies attacked include those in the manufacturing, financial services, engineering, legal, business services, and travel and tourism sectors.
<\/div><\/div>
As per the report, typically around 20 to 30 minutes prior to deploying ransomware, the attackers install a set of tools onto the compromised Exchange Server. These include:
An exploit for the CVE-2021-36942 vulnerability (aka PetitPotam). The code appears to be copied from https:\/\/github.com\/zcgonvh\/EfsPotato. This is in a file called \u201cefspotato.exe\u201d.
Two files: active_desktop_render.dll and active_desktop_launcher.exe
The encrypted shellcode, however, very likely activates the efspotato.exe file that exploits PetitPotam vulnerability. It was patched in Microsoft\u2019s August Patch Tuesday release, but it subsequently emerged that the fix released reportedly did not fully patch the vulnerability.
The companies attacked include those in the manufacturing, financial services, engineering, legal, business services, and travel and tourism sectors.
<\/div><\/div>
Follow and connect with us on Twitter<\/a>, Facebook<\/a>, Linkedin<\/a>, Youtube<\/a><\/div>","NumberOfSentences":{"minfo":"21.0","minfoseo":"21-0"},"AutomatedReadabilityIndex":{"minfo":"14.0","minfoseo":"14-0"},"LastPublishMilliTime":{"minfo":"1629796443484","minfoseo":"1629796443484"},"ReadabilityGradeLevel":{"minfo":"College","minfoseo":"college"},"GadgetsMarkedReviewed":{"minfo":"0","minfoseo":"0"},"HashCode":{"minfo":"-2030882218","minfoseo":"-2030882218"},"latestnewsflag":{"minfo":"1.0","minfoseo":"1-0"},"canonicalURL":{"minfo":"https:\/\/timesofindia.indiatimes.com\/gadgets-news\/microsoft-exchange-under-attack-as-lockfile-ransomware-targets-servers\/articleshow\/85561190.cms","minfoseo":"https\/timesofindia-indiatimes-com\/gadgets-news\/microsoft-exchange-under-attack-as-lockfile-ransomware-targets-servers\/articleshow\/85561190-cms"},"NumberOfCharacters":{"minfo":"2499.0","minfoseo":"2499-0"},"NumberOfWords":{"minfo":"355.0","minfoseo":"355-0"},"key":{"0":{"keyid":"221367","value":"microsoft exchange","smid":"0","keynameseo":"microsoft-exchange","keytype":"","keycount":"totalcount","weightage":"100"},"1":{"keyid":"1616443","value":"vulnerabilities","smid":"0","keynameseo":"vulnerabilities","keytype":"","keycount":"totalcount","weightage":"20"},"2":{"keyid":"111839","value":"symantec","smid":"0","keynameseo":"symantec","keytype":"","keycount":"totalcount","weightage":"20"},"3":{"keyid":"11928626","value":"proxyshell","smid":"0","keynameseo":"proxyshell","keytype":"","keycount":"totalcount","weightage":"20"},"4":{"keyid":"11928627","value":"petitpotam","smid":"0","keynameseo":"petitpotam","keytype":"","keycount":"totalcount","weightage":"20"},"5":{"keyid":"10387","value":"microsoft","smid":"0","keynameseo":"microsoft","keytype":"","keycount":"totalcount","weightage":"20"},"6":{"keyid":"11928628","value":"lockfile","smid":"0","keynameseo":"lockfile","keytype":"","keycount":"totalcount","weightage":"20"},"8":{"keyid":"108450","value":"cyber attack","smid":"0","keynameseo":"cyber-attack","keytype":"","keycount":"totalcount","weightage":"20"}},"authorsplit":[],"similarlytagged":[{"msid":"87034407","stname":"Nations vow to combat ransomware at US-led summit","artsyn":"\"The threat of ransomware is complex and global in nature and requires a shared response,\" the joint summit statement said, adding the nations \"recognize the need for urgent action, common priorities and complementary efforts.\"","seolocation":"telecomnews\/nations-vow-to-combat-ransomware-at-us-led-summit","seolocationalt":"Nations vow to combat ransomware at US-led summit","url_seo":"nations-vow-to-combat-ransomware-at-us-led-summit"},{"msid":"85588866","stname":"Microsoft Exchange under attack as LockFile ransomware targets servers","artsyn":"Security researchers claim to have discovered a new ransomware family called LockFile that seems to the same that was used earlier to attack Microsoft Exchange servers in the US and Asia.","seolocation":"telecomnews\/microsoft-exchange-under-attack-as-lockfile-ransomware-targets-servers","seolocationalt":"Microsoft Exchange under attack as LockFile ransomware targets servers","url_seo":"microsoft-exchange-under-attack-as-lockfile-ransomware-targets-servers"},{"msid":"83363781","stname":"Gmail blocks more than 100 million phishing attempts, Google Play scans 100 apps for malware everyday, says Google","artsyn":"Google has said that every day, Gmail blocks more than 100 million phishing attempts and Google Play Protect scans over 100 billion apps for malware and other issues, as cyber attacks by nation-states and criminals are increasingly becoming brazen and effective.","seolocation":"telecomnews\/gmail-blocks-more-than-100-million-phishing-attempts-google-play-scans-100-apps-for-malware-everyday-says-google","seolocationalt":"Gmail blocks more than 100 million phishing attempts, Google Play scans 100 apps for malware everyday, says Google","url_seo":"gmail-blocks-more-than-100-million-phishing-attempts-google-play-scans-100-apps-for-malware-everyday-says-google"},{"msid":"82496204","stname":"Russian hackers pose new cyber attack threat: Report","artsyn":"It comes after cybersecurity agencies in the US and the UK attributed the SolarWinds attack to Russia's civilian foreign intelligence service, as well as several campaigns targeting Covid-19 vaccine developers, reports ZDNet.","seolocation":"telecomnews\/russian-hackers-pose-new-cyber-attack-threat-report","seolocationalt":"Russian hackers pose new cyber attack threat: Report","url_seo":"russian-hackers-pose-new-cyber-attack-threat-report"},{"msid":"81542137","stname":"Microsoft hack fallout substantial for Dutch servers, watchdog says","artsyn":"\"The National Cyber Security Centre observes that, as a result of vulnerabilities, data is being stolen, malware is placed, back doors are being built in and mailboxes are offered for sale on the black market,\" the government cyber security watchdog said, urging companies to run updates.","seolocation":"telecomnews\/microsoft-hack-fallout-substantial-for-dutch-servers-watchdog-says","seolocationalt":"Microsoft hack fallout substantial for Dutch servers, watchdog says","url_seo":"microsoft-hack-fallout-substantial-for-dutch-servers-watchdog-says"},{"msid":"81359942","stname":"As Microsoft email hack spreads, experts brace for more impact","artsyn":"Experts say it is only a matter of time before the break-in tools are cloned by other spies or cybercriminals, with the potential to compound the problem for users of Microsoft's widely used Exchange email and calendaring software.","seolocation":"telecomnews\/as-microsoft-email-hack-spreads-experts-brace-for-more-impact","seolocationalt":"As Microsoft email hack spreads, experts brace for more impact","url_seo":"as-microsoft-email-hack-spreads-experts-brace-for-more-impact"}],"primeid":0,"storytags":{"categoryTag":{"sectionid":"49830939","sectionname":"TelecomNews","seolocation":"telecomnews","seolocationalt":"telecomnews"},"otherTags":[{"keyid":"221367","value":"microsoft exchange","smid":"0","keynameseo":"microsoft-exchange","keytype":"","keycount":"totalcount","weightage":"100"},{"keyid":"1616443","value":"vulnerabilities","smid":"0","keynameseo":"vulnerabilities","keytype":"","keycount":"totalcount","weightage":"20"},{"keyid":"111839","value":"symantec","smid":"0","keynameseo":"symantec","keytype":"","keycount":"totalcount","weightage":"20"},{"keyid":"11928626","value":"proxyshell","smid":"0","keynameseo":"proxyshell","keytype":"","keycount":"totalcount","weightage":"20"},{"keyid":"11928627","value":"petitpotam","smid":"0","keynameseo":"petitpotam","keytype":"","keycount":"totalcount","weightage":"20"},{"keyid":"10387","value":"microsoft","smid":"0","keynameseo":"microsoft","keytype":"","keycount":"totalcount","weightage":"20"},{"keyid":"11928628","value":"lockfile","smid":"0","keynameseo":"lockfile","keytype":"","keycount":"totalcount","weightage":"20"},{"keyid":"6357247","value":"internet","smid":"0","keynameseo":"internet","keytype":"","keycount":"totalcount","weightage":"20"},{"keyid":"108450","value":"cyber attack","smid":"0","keynameseo":"cyber-attack","keytype":"","keycount":"totalcount","weightage":"20"}],"filterTags":[]},"formattedTags":{"companyTags":[],"otherTags":[{"name":"microsoft exchange"},{"name":"vulnerabilities"},{"name":"cyber attack"},{"name":"proxyshell"},{"name":"petitpotam"},{"name":"microsoft"},{"name":"symantec"},{"name":"lockfile"},{"name":"internet"}],"newsCategoryTags":[{"name":"TelecomNews","seolocation":"telecomnews"}],"breadcrumbTags":["microsoft exchange","vulnerabilities","symantec","proxyshell","petitpotam","microsoft","lockfile","internet","cyber attack"],"filterTags":[]},"breadcrumbTags":["microsoft exchange","vulnerabilities","symantec","proxyshell","petitpotam","microsoft","lockfile","internet","cyber attack"],"Alttitle":{"minfo":""},"Altdescription":{"minfo":""},"amp_url":"\/\/www.iser-br.com\/amp\/news\/microsoft-exchange-under-attack-as-lockfile-ransomware-targets-servers\/85588866","associated":{"articles":{"87034407":{"msid":"87034407","stname":"Nations vow to combat ransomware at US-led summit","artsyn":"\"The threat of ransomware is complex and global in nature and requires a shared response,\" the joint summit statement said, adding the nations \"recognize the need for urgent action, common priorities and complementary efforts.\"","seolocation":"telecomnews\/nations-vow-to-combat-ransomware-at-us-led-summit","seolocationalt":"Nations vow to combat ransomware at US-led summit","url_seo":"nations-vow-to-combat-ransomware-at-us-led-summit"},"85588866":{"msid":"85588866","stname":"Microsoft Exchange under attack as LockFile ransomware targets servers","artsyn":"Security researchers claim to have discovered a new ransomware family called LockFile that seems to the same that was used earlier to attack Microsoft Exchange servers in the US and Asia.","seolocation":"telecomnews\/microsoft-exchange-under-attack-as-lockfile-ransomware-targets-servers","seolocationalt":"Microsoft Exchange under attack as LockFile ransomware targets servers","url_seo":"microsoft-exchange-under-attack-as-lockfile-ransomware-targets-servers"},"83363781":{"msid":"83363781","stname":"Gmail blocks more than 100 million phishing attempts, Google Play scans 100 apps for malware everyday, says Google","artsyn":"Google has said that every day, Gmail blocks more than 100 million phishing attempts and Google Play Protect scans over 100 billion apps for malware and other issues, as cyber attacks by nation-states and criminals are increasingly becoming brazen and effective.","seolocation":"telecomnews\/gmail-blocks-more-than-100-million-phishing-attempts-google-play-scans-100-apps-for-malware-everyday-says-google","seolocationalt":"Gmail blocks more than 100 million phishing attempts, Google Play scans 100 apps for malware everyday, says Google","url_seo":"gmail-blocks-more-than-100-million-phishing-attempts-google-play-scans-100-apps-for-malware-everyday-says-google"},"82496204":{"msid":"82496204","stname":"Russian hackers pose new cyber attack threat: Report","artsyn":"It comes after cybersecurity agencies in the US and the UK attributed the SolarWinds attack to Russia's civilian foreign intelligence service, as well as several campaigns targeting Covid-19 vaccine developers, reports ZDNet.","seolocation":"telecomnews\/russian-hackers-pose-new-cyber-attack-threat-report","seolocationalt":"Russian hackers pose new cyber attack threat: Report","url_seo":"russian-hackers-pose-new-cyber-attack-threat-report"},"81542137":{"msid":"81542137","stname":"Microsoft hack fallout substantial for Dutch servers, watchdog says","artsyn":"\"The National Cyber Security Centre observes that, as a result of vulnerabilities, data is being stolen, malware is placed, back doors are being built in and mailboxes are offered for sale on the black market,\" the government cyber security watchdog said, urging companies to run updates.","seolocation":"telecomnews\/microsoft-hack-fallout-substantial-for-dutch-servers-watchdog-says","seolocationalt":"Microsoft hack fallout substantial for Dutch servers, watchdog says","url_seo":"microsoft-hack-fallout-substantial-for-dutch-servers-watchdog-says"},"81359942":{"msid":"81359942","stname":"As Microsoft email hack spreads, experts brace for more impact","artsyn":"Experts say it is only a matter of time before the break-in tools are cloned by other spies or cybercriminals, with the potential to compound the problem for users of Microsoft's widely used Exchange email and calendaring software.","seolocation":"telecomnews\/as-microsoft-email-hack-spreads-experts-brace-for-more-impact","seolocationalt":"As Microsoft email hack spreads, experts brace for more impact","url_seo":"as-microsoft-email-hack-spreads-experts-brace-for-more-impact"}}}}" data-news-images="null" data-newsletter-by="0" data-newsletter-date="a" data-hasbottomcarousel="" data-alldetailsopen="0" data-multipleanalyticshit="" data-deeplink="https://ettelecom.app.link?$deeplink_path=" data-socialshareformat="default">
