"ProxyShell Attacks Escalate"

The ProxyShell vulnerabilities in Microsoft Exchange remain a problem for enterprises as attackers increase their scanning for and exploitation of the bugs, in some cases installing ransomware. Microsoft released patches for them in April, but the fixes were not disclosed until July. The three bugs that make up the ProxyShell issue could lead to arbitrary code execution. There have been active attempts at exploiting these flaws all summer, but recently there has been an increase in scanning and some new exploitation techniques. Attackers primarily exploit the vulnerabilities and then install a webshell, a small piece of code that remains on the compromised server and can be used for persistence. In recent attacks, post-exploitation activity following the webshell installation has included the installation of the LockFile ransomware, the LemonDuck malware and cryptominer, and other pieces of malware. This article continues to discuss the recent escalation of ProxyShell attacks.

Decipher reports "ProxyShell Attacks Escalate"

 

Submitted by Anonymous on