fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Botnet Backdoors Microsoft Exchange Servers, Mines Cryptocurrency

Botnet Backdoors Microsoft Exchange Servers, Mines Cryptocurrency

Unpatched Microsoft Exchange servers are being targeted by the Prometei botnet and added to its operators’ army of Monero (XMR) cryptocurrency mining bots.

This modular malware can infect both Windows and Linux systems, and it was first spotted last year while using the EternalBlue exploit to spread across compromised networks and enslave vulnerable Windows computers.

Around since at least 2016

Cybereason’s Nocturnus team recently discovered that the botnet has likely been active for almost half a decade, according to Prometei artifacts submitted to VirusTotal in May 2016.

Based on new malware samples recently found by Cybereason during recent incident responses, the botnet has also been updated to exploit Exchange Server vulnerabilities patched by Microsoft in March.

The main focus of Prometei’s attacks on Exchange servers is to deploy the cryptomining payload, start earning money for its operators, and spread to other devices on the network using EternalBlue and BlueKeep exploits, harvested credentials, and SSH or SQL spreader modules.

“When the attackers take control of infected machines, they are not only capable of mining bitcoin by stealing processing power, but can also exfiltrate sensitive information as well,” said Assaf Dahan, Cybereason senior director and head of threat research.

“If they desire to do so, the attackers could also infect the compromised endpoints with other malware and collaborate with ransomware gangs to sell access to the endpoints.”

Also Read: The Difference Between GDPR And PDPA Under 10 Key Issues

Prometei Exchange attack flow
Prometei Exchange attack flow (Cybereason)

Cryptojacking botnet with backdoor features

However, the malware has been upgraded with backdoor capabilities with support for an extensive array of commands.

These include downloading and executing files, searching for files on infected systems, and executing programs or commands on behalf of the attackers.

“The latest versions of Prometei now provide the attackers with a sophisticated and stealthy backdoor that supports a wide range of tasks that make mining Monero coins the least of the victims’ concerns,” Cybereason Nocturnus Team said.

While the threat actor(s) behind this botnet is unknown, there is evidence that they speak Russian, including the name of the botnet, Prometei (Russian for Prometheus), and the Russian code and product name used in older versions.

Cybereason’s research also points to the botnet operators being financially motivated and likely not sponsored by a nation-state.

“As observed in the recent Prometei attacks, the threat actors rode the wave of the recently discovered Microsoft Exchange vulnerabilities and exploited them in order to penetrate targeted networks,” the Cybereason Nocturnus Team added.

“This threat poses a great risk for organizations, since the attackers have absolute control over the infected machines, and if they wish so, they can steal information, infect the endpoints with other malware or even collaborate with ransomware gangs by selling access to the infected endpoints.”

Also Read: PDPA Compliance Singapore: 10 Areas To Work On

Over 90% of vulnerable Exchange servers now patched

The CVE-2021-27065 and CVE-2021-26858 flaws exploited by Prometei were also abused by several Chinese-backed hacking groups and other hacking groups to deploy web shells, ransomware [12], and cryptomining malware.

According to stats shared by Microsoft last month, roughly 92% of all Internet-connected on-premises Exchange servers affected by these vulnerabilities are now patched and safe from attacks.

Redmond also released a one-click Exchange On-premises Mitigation Tool (EOMT) tool to help small business owners quickly mitigate the security bugs even without the help of a dedicated security team.

Adding to that, Microsoft Defender Antivirus automatically protects unpatched Exchange servers from ongoing attacks by automatically mitigating the vulnerabilities.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us