SSRF attacks hit 100,000 businesses globally since November

Skórzewiak – stock.adobe.com

There has been a dramatic increase in attacks exploiting the ProxyNotShell/OWASSRF exploit chains to target Microsoft Exchange servers

Alex Scroxton

By

Published: 24 Jan 2023 14:00

Security teams are warned to be on the lookout for a growing wave of opportunistic and largely untargeted cyber attacks exploiting two related exploit chains to target Microsoft Exchange servers.

This is according to Bitdefender Labs, which noted an uptick in attack volumes beginning at the end of November 2022. The attacks are technically known as server-side request forgeries (SSRF), and are rapidly becoming widely popular and routinely exploited by the cyber criminal underground – mainly because Microsoft Exchange is so widely used.

In an SSRF attack, a threat actor sends a specially crafted request from a vulnerable server to another server on the vulnerable server’s behalf, and thus becomes able to access resources or information not directly accessible to them, and perform actions on the vulnerable server’s behalf.

There are two exploit chains currently under active exploitation. The first is ProxyNotShell, a combination of two disclosed vulnerabilities, CVE-2022-41080 and CVE-2022-41082 that requires the threat actor to authenticate to the vulnerable server, and was patched by Microsoft in November 2022.

The second is known as OWASSRF. This is a slightly different exploit chain that uses the same two vulnerabilities, albeit slightly differently in such a way that it can bypass the ProxyNotShell mitigations. OWASSRF was used in the December 2022 Rackspace attack.

The research team claims that more than 100,000 organisations globally have fallen victim to SSRF attacks in the past couple of months, with the majority of victims in the US and Europe. Victims were found in multiple sectors including arts and entertainment, consultancy, legal, manufacturing, real estate and wholesale.

“While the initial infection vector keeps evolving and threat actors are quick to exploit any new opportunity, their post-exploitation activities are familiar. The best protection against modern cyber attacks is a defence-in-depth architecture,” the Bitdefender team wrote.

“Start with reducing your attack surface, focusing on patch management – not only for Windows but for all applications and internet-exposed services), and detection of misconfigurations.

“The next security layer should be reliable world-class protection controls that can eliminate most security incidents, using multiple layers of security, including IP/URL reputation for all endpoints, and protection against fileless attacks. 

“Implementing IP, domain, and URL reputation…is one of the most effective methods to stop automated vulnerability exploits. According to analysis in the Data breach investigations report 2022, only 0.4% of the IPs that attempted RCEs were not seen in one of the previous attacks. Block bad IPs, domains or URLs on all devices, including endpoints, and prevent a security breach in your business environment. 

“Finally, for the few incidents that get through your defenses, lean on security operations, either in-house or through a managed service, and leverage strong detection and response tools. Modern threat actors often spend weeks or months doing active reconnaissance on networks, generating alerts and relying on the absence of detection and response capabilities,” they said.

The Bitdefender team found evidence of multiple different types of cyber attacks taking advantage of the two exploit chains.

Among them were the deployment of remote access and administration tools, the use of web shells, likely by initial access brokers (IABs), the deployment of the Cuba ransomware, and the theft of credentials.

Read more on Hackers and cybercrime prevention

Read More
Clora Catt

Latest

Airline spends four days without flying as bankruptcy rumors swirl

Please enable JS and disable any ad blocker

3 AI Memory Stocks to Watch in July 2026

AI memory stocks have been the loudest trade of 2026, as the scramble for the chips behind every AI server pushed prices and profits to records. But the three names below share the same strange split. The business has never looked stronger, yet the money flows are quietly turning cautious...

Zoomex X Space recap with David James and the World Cup trading panel

James said real pressure for keepers comes in the silence between shots. At Liverpool, City, Portsmouth and England, preparation shaped James. For traders too, instinct works only when built on the right information. Zoomex hosted the third episode of its World Cup Edition X Space as part of the Zoomex World Cup Impact Pledge, bringing

Kalyan Jewellers shares fall 6% despite 38% revenue growth in Q1

Home Market News Kalyan Jewellers shares fall 7% despite 38% revenue growth in Q1 Kalyan Jewellers' international business also maintained strong momentum, with revenue rising nearly 35% year-on-year. 2 Min Read Shares of Kalyan Jewellers India Ltd. fell as much as 7.5% in early trading on Tuesday, July 7, despite the jewellery retailer reported a

Newsletter

Don't miss

Airline spends four days without flying as bankruptcy rumors swirl

Please enable JS and disable any ad blocker

3 AI Memory Stocks to Watch in July 2026

AI memory stocks have been the loudest trade of 2026, as the scramble for the chips behind every AI server pushed prices and profits to records. But the three names below share the same strange split. The business has never looked stronger, yet the money flows are quietly turning cautious...

Zoomex X Space recap with David James and the World Cup trading panel

James said real pressure for keepers comes in the silence between shots. At Liverpool, City, Portsmouth and England, preparation shaped James. For traders too, instinct works only when built on the right information. Zoomex hosted the third episode of its World Cup Edition X Space as part of the Zoomex World Cup Impact Pledge, bringing

Kalyan Jewellers shares fall 6% despite 38% revenue growth in Q1

Home Market News Kalyan Jewellers shares fall 7% despite 38% revenue growth in Q1 Kalyan Jewellers' international business also maintained strong momentum, with revenue rising nearly 35% year-on-year. 2 Min Read Shares of Kalyan Jewellers India Ltd. fell as much as 7.5% in early trading on Tuesday, July 7, despite the jewellery retailer reported a

‘Worst thing about Cristiano Ronaldo’: Messi fan’s farewell to CR7 goes viral after Portugal vs Spain | World Cup 2026

Verified Messi fan Appie Cule has posted a lengthy farewell to Cristiano Ronaldo. This came after Spain beat Portugal 1-0 at the World Cup. That defeat effectively ended Ronaldo's World Cup career for good. Cule framed the post as Ronaldo's definitive "last dance" moment. The post argued Ronaldo had set impossibly-high standards for himself. It

Business seminar in Munich highlights Hong Kong’s strategic roles amidst global shifts (with photos)

Business seminar in Munich highlights Hong Kong's strategic roles amidst global shifts (with photos) ******************************************************************************************      The Hong Kong Economic and Trade Office, Berlin (HKETO Berlin), promoted Hong Kong's unique advantages and strategic roles at the seminar "Hong Kong's strategic role amidst geopolitical tensions" on June 18 (Munich time) in Munich, Germany.             Senior executives, investors

AI for business services: From job fears to productivity

AI for business services: From job fears to productivity

Business Insurance-AZ Achieves Record Response Times for 2026 Arizona Construction Bids

Business Insurance-AZ achieves milestone response speeds for commercial construction bids across Arizona, accelerating documentation delivery to keep local projects moving forward without delay. Phoenix, AZ, June 06-2026, ZEX PR WIRE — Business Insurance-AZ has achieved record-breaking processing speeds and response times for commercial construction bids throughout Arizona, directly supporting the state’s massive infrastructure and advanced manufacturing boom