BlackKingdom Targets Msoft Exchange- Experts Comment

By ISBuzz Team
Writer, Information Security Buzz | Mar 23, 2021 05:22 am PST

This Sunday, security researcher Marcus Hutchins discovered that Microsoft Exchange servers are now being targeted by BlackKingdom ransomware. Marcus, MalwareTechBlog on Twitter, tweeted his findings that a threat actor was compromising all vulnerable Exchange servers via the ProxyLogon vulnerability.
Saryu Nayyar, CEO
March 23, 2021 1:25 pm

As long as there are still unpatched Microsoft Exchange servers accessible on the open internet, we will see attacks like this. The payloads may change depending on what the threat actor is after, but they will continue to leverage the vulnerabilities in Exchange Server until there aren't any vulnerable hosts to exploit.

This series of attacks is a reminder of how important it is to maintain on-premises software with security patches, and to make sure the local environment is protected with an up-to-date security stack.

Jorge Orchilles
March 23, 2021 1:24 pm

The trend of state actors and ransomware groups using the same exploits is common. We saw it with nation states using EternalBlue followed by WannaCry and NotPetya ransomware. When an exploit is new and relatively unknown, it is exploited by the more sophisticated groups that have access to it. As the exploit becomes more known, other groups focused on monetizing the exploit will begin to use it. Today, those groups focus on dropping ransomware after the initial access.

At this point, if there is an external-facing Exchange server that has not been patched, it most likely has multiple threat actors fighting over access to leverage the access.
