The Latest Cryptojacking Malware on Microsoft Exchange Servers and How to Counter It

Microsoft Exchange users? Come closer.

Attackers are now exploiting vulnerabilities in Microsoft Exchange servers to install cryptocurrency mining malware. Interestingly, an attack on March 9th, 2021, coincided with the release date of Microsoft's latest update cycle.

Why servers? Why not laptops or computers?

Well, servers such as Microsoft Exchange have higher processing power. Cryptojackers comb the World Wide Web looking for machines to make use of. Afterward, they put them in a network to mine coins for them for free.

Microsoft released a report in mid-March warning users that the hack – which originated from China – is becoming commonplace worldwide. The company disclosed to Brian Krebs, a security expert, that it became aware of the issue back in January 2021.

Additionally, Volexity and Dubex reported the four zero-day security problems around the same time.

They affect Exchange Server 2019, Exchange Server 2016, and Exchange Server 2013. They are as follows:

  • CVE-2021-26855 – Servers trust unauthenticated servers using Server Side Request Forgery (SSRF)
  • CVE-2021-26857 – Attackers combine stolen credentials with Exchange Unified Messaging Service (EUMS)
  • CVE-2021-26858 – Vulnerability involves the execution of remote code
  • CVE-2021-27065 – Execution of remote code

The cryptojacking works by running Monero mining secretly. According to Andrew Brandt, a threat researcher, the currency is much easier to mine anonymously. In fact, statistics show that almost 5% of the coins in circulation are purely from cryptojacking. 

The attack that leverages the ProxyLogon exploit takes advantage of the Exchange Servers to unload the altcoin. With the latest episode, it’s hard to trace the wallet owners unless, of course, the criminal uses a tremendous amount of processing power.

Microsoft urges users to apply the latest updates. Also, companies with internet-facing servers should ensure their antivirus suites are up to date.
