Microsoft Exchange servers are once again the target of attacks. Throughout this year, Microsoft Exchange Server exploits have led to massive breaches. Now, another threat is ongoing and affecting servers across Asia and the U.S. Known as LockFile, this is a ransomware attack that was found by Symantec.
LockFile has been active since at least July 20. Threat actors conducting successful attacks can take control of Windows domains and encrypt devices. Once they have control over one device, they can potentially spread the ransomware across a network.
Symantec points out that LockFile uses the PetitPotam exploit after breaching Microsoft Exchange servers. The company says it is unclear how the initial breach of Microsoft Exchange Server is carried out.
While Microsoft has been patching the platform during the year, there is no current fix for the PetitPotam vulnerability. Alongside Symantec's discovery, the Cybersecurity & Infrastructure Security Agency has also issued an advisory:
“Malicious cyber actors are actively exploiting the following ProxyShell vulnerabilities: CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207. An attacker exploiting these vulnerabilities could execute arbitrary code on a vulnerable machine. CISA strongly urges organizations to identify vulnerable systems on their networks and immediately apply Microsoft's Security Update from May 2021—which remediates all three ProxyShell vulnerabilities—to protect against these attacks.”
A 2021 to Forget for Microsoft Exchange Server
Microsoft Exchange Server was successfully attacked through an exploit first used by the HAFNIUM group. More hackers have since leveraged the exploit for their own attacks. Microsoft sent out patches for all versions of the service, including those out of support. However, these patches still need users to install the update.
Microsoft says updating Exchange Server is the best way to avoid the exploit. Furthermore, the company has launched a tool to help customers know if they have been breached. In April, Microsoft released a new update of security patches for Exchange Server.
However, as we recently reported, some attacks persist and are targeting organizations that have not patched their systems.