
Microsoft Exchange Server is Targeted by Email Hijacking Attacks

Unpatched Microsoft Exchange servers are increasingly being targeted by unknown hackers. A trick is spreading that many users do not easily see through at first: the hackers use existing email conversations to fake legitimacy. This comes from a new report by security researchers from Intezer (via Bleeping Computer). The security researchers discovered that the so-called IcedID malware is currently spreading massively through an Exchange Server vulnerability. This malware is known as a modular banking Trojan that not only steals banking information but also installs so-called second-stage malware, such as loaders or ransomware.

Conversation hijack attack

The hackers use a very simple and annoying trick to get access to a victim's system: they give their victims the impression that they are receiving an email from within their own network. They do this through reply emails, that is, by "joining" an existing conversation. For example, these reply chains share a link to download an alleged Word document, or a download link for a file containing the IcedID malware. The hackers are specifically looking for Exchange servers that have not installed the latest security updates and are therefore vulnerable.

The number of campaigns that spread malware using these reply-chain tricks has increased significantly. The main method of a conversation hijacking attack is to take control of an email account that is involved in a discussion with the target person and then send a phishing message crafted to look like a continuation of the conversation thread.

The targets are almost exclusively companies. If the target receives a reply message with an attachment presented as relevant to the previous discussion, the chances of them suspecting fraud are minimized. Intezer explains that there is evidence that threat actors are targeting vulnerable Microsoft Exchange servers to steal credentials, as many of the compromised endpoints they found are publicly accessible and unpatched.
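One way a mail filter could surface the reply-chain pattern described above for review; this is an added example, not code from Intezer or from the article. It assumes messages arrive in order and are threaded by `In-Reply-To`; the sample thread, the addresses and the names `link_hosts` and `review_candidates` are constructed for illustration.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)

# Constructed sample thread (not real mail); .example/.invalid are reserved names.
SAMPLE = [
    "Message-ID: <m1@corp.example>\nFrom: alice@corp.example\n"
    "Subject: Q3 invoice\n\nDraft is at https://files.corp.example/q3\n",
    "Message-ID: <m2@partner.example>\nIn-Reply-To: <m1@corp.example>\n"
    "From: bob@partner.example\nSubject: Re: Q3 invoice\n\n"
    "Thanks, looks fine.\n> Draft is at https://files.corp.example/q3\n",
    "Message-ID: <m3@partner.example>\nIn-Reply-To: <m2@partner.example>\n"
    "From: bob@partner.example\nSubject: Re: Q3 invoice\n\n"
    "Updated document: http://download.invalid/doc.zip\n> Thanks, looks fine.\n",
]

def link_hosts(msg):
    """Lower-cased hosts of all http(s) links in the text parts of a message."""
    hosts = set()
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            for url in URL_RE.findall(part.get_content()):
                hosts.add((urlparse(url).hostname or "").lower())
    hosts.discard("")
    return hosts

def review_candidates(raw_messages):
    """raw_messages: RFC 5322 strings in arrival order (assumption).
    Returns [(message_id, reasons)] for replies that join a known thread
    but bring a link host or attachment that thread has not seen before."""
    thread_of, seen_hosts, flagged = {}, {}, []
    for raw in raw_messages:
        msg = message_from_string(raw, policy=policy.default)
        mid = str(msg["Message-ID"] or "").strip()
        parent = str(msg["In-Reply-To"] or "").strip()
        root = thread_of.get(parent) if parent else None
        hosts = link_hosts(msg)
        files = [a.get_filename() for a in msg.iter_attachments()]
        if root is None:
            root = mid  # first message we see of this thread
        else:
            reasons = [f"new link host: {h}" for h in sorted(hosts - seen_hosts[root])]
            reasons += [f"attachment: {f}" for f in files if f]
            if reasons:
                flagged.append((mid, reasons))
        thread_of[mid] = root
        seen_hosts.setdefault(root, set()).update(hosts)
    return flagged
```

Because the reply comes from an account that really is part of the conversation, the check looks at what the reply introduces rather than at who sent it. Hits are candidates for human review, not verdicts, since legitimate replies also add links and attachments.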