FBI hacks compromised Exchange servers as more companies get targeted
SHARE
In a possibly unprecedented move, the U.S. Federal Bureau Investigation has obtained a court order to allow it to hack compromised Microsoft Corp. Exchange Servers to remove vulnerabilities as more stories of Exchange servers being targeted continue to emerge.
The court order allowed the FBI to copy and remove malicious web shells from hundreds of vulnerable computers that were compromised by so-called Hafnium attacks first revealed by Microsoft security researchers March 2. Hafnium was described at the time as Chinese state-sponsored hackers targeting a number of recently identified vulnerabilities for which patches had been issued.
Threat actors targeted Slack and Discord as the pandemic raged on
A pedestrian walks past a Slack logo outside its headquarters on December 1, 2020 in San Francisco, California. Collaborative tools proved an easy target for hackers during the pandemic. (Photo by Stephen Lam/Getty Images)
Researchers on Wednesday reported that as the pandemic continued this past year, threat actors adjusted to employee reliance on new communications technologies such as Slack and Discord and launched targeted malware attacks on those platforms.
In a blog posted by Cisco Talos, the researchers said Slack and Discord offer an attractive option for hosting malicious content, exfiltrating sensitive information and facilitating malicious attacks. The researchers described how these communication platforms are used across three major phases of malware attacks: delivery, component retrieval, and command and control (C2) and data exfiltration.
One Discord network search turned up 20,000 virus results, researchers found.
Workflow and collaboration tools like Slack and Discord have been infiltrated by threat actors, who are abusing their legitimate functions to evade security and deliver info-stealers, remote-access trojans (RATs) and other malware.
The pandemic-induced shift to remote work drove business processes onto these collaboration platforms in 2020, and predictably, 2021 has ushered in a new level cybercriminal expertise in attacking them.
Cisco’s Talos cybersecurity team said in a report on collaboration app abuse this week that during the past year threat actors have increasingly used apps like Discord and Slack to trick users into opening malicious attachments and deploy various RATs and stealers, including Agent Tesla, AsyncRAT, Formbook and others.
REvil continues ransomware attack streak with takeover of laptop maker Acer techrepublic.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from techrepublic.com Daily Mail and Mail on Sunday newspapers.