How hackers can take control of your Microsoft Exchange Server
In its summary of trends and advances in cybersecurity, the ESET Threat Report T1 2021 includes exclusive, previously unpublished updates on current threats.
It highlights, for instance, multiple APT groups exploiting a chain of vulnerabilities in Microsoft Exchange Server.
It also includes new details on the Lazarus and Turla APT groups, along with an analysis of a malicious tweak that steals data from compromised iOS devices.
An essential report 3 times a year
ESET Research has set itself the goal of publishing an informative report every 4 months.
T1, the first edition, covers January to April.
T2 will report on events and trends from May to August, while T3 will cover September to December.
During the first quarter of 2021, the COVID-19 pandemic was still the salient topic globally. However, the threat landscape has not gone away.
“There continue to be examples of cybercriminals exploiting trending vulnerabilities and configuration flaws,” explains Roman Kováč, ESET’s Chief Research Officer.
The findings of the first report
Abuse of the Remote Desktop Protocol (RDP) continues to be the leading attack vector.
But there has also been an increase in the number of cryptocurrency-related threats, along with a sharp rise in Android banking malware detections.
ESET Research’s analysis also describes a chain of vulnerabilities that allows an attacker to take control of any reachable Exchange server, and identifies more than 10 different threat groups that have probably exploited this chain.
The report also includes exclusive research on updates and new findings on the Turla and Lazarus APT groups, plus an invaluable study on Latin American banking Trojans.
There is also an extensive exploration of a malicious iOS application that leverages runtime patches to modify program behavior and thereby execute shell commands on jailbroken or otherwise compromised iOS devices.
Discovering and challenging new threats
ESET researchers have discovered:
- Kobalos malware, which attacks high-performance computing clusters and other high-profile targets
- The Spalax operation, which targets Colombian government organizations and private entities
- A highly targeted supply-chain attack based on online gaming in Asia
- A new Lazarus backdoor, used to attack a transport logistics company in South Africa
ESET specialists have also given numerous virtual presentations, and were called in to participate in the MITRE ATT&CK® Evaluations emulating the Carbanak and FIN7 adversary groups.
This article has been written in collaboration with BitMAT