Microsoft Exchange users? Come closer.
Attackers are now targeting vulnerable Microsoft Exchange servers with cryptocurrency mining malware. Interestingly, an attack on March 9th, 2021, coincided with the release date of Microsoft's latest update cycle.
Why servers? Why not laptops or computers?
Well, servers such as Microsoft Exchange have higher processing power. They allow the cryptojackers to comb the World Wide Web looking for machines to make use of. Afterward, they put them in a network to mine coins for them for free.
Microsoft released a report in mid-March warning users that the hack – which originated from China – is becoming commonplace worldwide. The company disclosed to Brian Krebs, a security expert, that it became aware of the issue back in January 2021.
The vulnerabilities affect Exchange Server 2019, Exchange Server 2016, and Exchange Server 2013. They are as follows:
- CVE-2021-26855 – Servers trust unauthenticated servers using Server Side Request Forgery (SSRF)
- CVE-2021-26857 – Attackers combine stolen credentials with Exchange Unified Messaging Service (EUMS)
- CVE-2021-26858 – Vulnerability involves the execution of remote code
- CVE-2021-27065 – Execution of remote code
The cryptojacking works by running Monero mining secretly. According to Andrew Brandt, a threat researcher, the currency is much easier to mine anonymously. In fact, statistics show that almost 5% of the coins in circulation are purely from cryptojacking.
The attack that leverages the ProxyLogon exploit takes advantage of the Exchange Servers to unload the altcoin. With the latest episode, it’s hard to trace the wallet owners. Unless, of course, the criminal uses a tremendous amount of processing power.