{"id":601077,"date":"2023-01-25T06:49:31","date_gmt":"2023-01-25T12:49:31","guid":{"rendered":"https:\/\/news.sellorbuyhomefast.com\/index.php\/2023\/01\/25\/ssrf-attacks-hit-100000-businesses-globally-since-november\/"},"modified":"2023-01-25T06:49:31","modified_gmt":"2023-01-25T12:49:31","slug":"ssrf-attacks-hit-100000-businesses-globally-since-november","status":"publish","type":"post","link":"https:\/\/newsycanuse.com\/index.php\/2023\/01\/25\/ssrf-attacks-hit-100000-businesses-globally-since-november\/","title":{"rendered":"SSRF attacks hit 100,000 businesses globally since November"},"content":{"rendered":"<div>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.computerweekly.com\/visuals\/ComputerWeekly\/Hero Images\/cyber-security-attack-virus-malware-Skorzewiak-adobe_searchsitetablet_520X173.jpg\" data-credit=\"Sk\u00f3rzewiak - stock.adobe.com\"  width=\"520\" height=\"173\" alt><\/p>\n<p>Sk\u00f3rzewiak &#8211; stock.adobe.com<\/p>\n<\/p><\/div>\n<div id=\"content-header\">\n<h2>There has been a dramatic increase in attacks exploiting the ProxyNotShell\/OWASSRF exploit chains to target Microsoft Exchange servers<\/h2>\n<\/div>\n<div id=\"content-center\">\n<ul>\n<li><i data-icon=\"1\"><\/i><\/li>\n<li><i data-icon=\"2\"><\/i><\/li>\n<\/ul>\n<div id=\"contributors-block\">\n<p><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/computerweekly\/Alex-Scroxton-CW-Contributor-2022.jpg\" alt=\"Alex Scroxton\">\n\t\t\t\t\t<\/p>\n<p><span>By<\/span><\/p>\n<ul>\n<li>\n\t\t\t\t\t<a href=\"https:\/\/www.techtarget.com\/contributor\/Alex-Scroxton\">Alex Scroxton,<\/a><br \/>\n\t\t\t\t\t\t<span>Security Editor<\/span>\n\t\t\t\t\t\t<\/li>\n<\/ul>\n<p>\n\tPublished: <span>24 Jan 2023 14:00<\/span>\n<\/p>\n<\/div>\n<section id=\"content-body\">\n<p><span>Security teams are warned to be on the lookout for a growing wave of opportunistic and largely untargeted <a 
href=\"https:\/\/www.computerweekly.com\/resources\/Hackers-and-cybercrime-prevention\">cyber attacks<\/a> exploiting two related exploit chains to target Microsoft Exchange servers.<\/span><\/p>\n<p><span>This is according to <a href=\"https:\/\/www.bitdefender.co.uk\/blog\/labs\/\">Bitdefender Labs<\/a>, which noted an uptick in attack volumes beginning at the end of November 2022. The attacks are technically known as <a href=\"https:\/\/www.techtarget.com\/searchsecurity\/news\/252529253\/Microsoft-fixes-SSRF-vulnerabilities-found-in-Azure-services\">server-side request forgeries<\/a> (SSRF), and are rapidly becoming widely popular and routinely exploited by the cyber criminal underground \u2013 mainly because Microsoft Exchange is so widely used.<\/span><\/p>\n<p><span>In an SSRF attack, a threat actor sends a specially crafted request to a vulnerable server that causes it to make requests to another server, and thus becomes able to access resources or information not directly accessible to them, and perform actions on the vulnerable server\u2019s behalf.<\/span><\/p>\n<p><span>There are two exploit chains currently under active exploitation. The first is <a href=\"https:\/\/www.techtarget.com\/searchsecurity\/news\/252525592\/Microsoft-Exchange-Server-targeted-with-zero-day-vulnerabilities\">ProxyNotShell<\/a>, a combination of two disclosed vulnerabilities, CVE-2022-41080 and CVE-2022-41082, that requires the threat actor to authenticate to the vulnerable server and was patched by Microsoft <a href=\"https:\/\/www.computerweekly.com\/news\/252527082\/Microsoft-serves-smorgasbord-of-six-zero-days\">in November 2022<\/a>.<\/span><\/p>\n<p><span>The second is known as <a href=\"https:\/\/www.crowdstrike.com\/blog\/owassrf-exploit-analysis-and-recommendations\/\">OWASSRF<\/a>. This exploit chain uses the same two vulnerabilities, but in a slightly different way that can bypass the ProxyNotShell mitigations. 
OWASSRF was used <a href=\"https:\/\/www.techtarget.com\/searchsecurity\/news\/252528884\/Rackspace-Ransomware-attack-caused-by-zero-day-exploit\">in the December 2022 Rackspace attack<\/a>.<\/span><\/p>\n<p><span>The research team claims that more than 100,000 organisations globally have fallen victim to SSRF attacks in the past couple of months, with the majority of victims in the US and Europe. Victims were found in multiple sectors including arts and entertainment, consultancy, legal, manufacturing, real estate and wholesale.<\/span><\/p>\n<p><span>\u201cWhile the initial infection vector keeps evolving and threat actors are quick to exploit any new opportunity, their post-exploitation activities are familiar. The best protection against modern cyber attacks is a\u00a0defence-in-depth architecture,\u201d the Bitdefender team wrote.<\/span><\/p>\n<p>\u201cStart with reducing your attack surface, focusing on patch management (not only for Windows but for all applications and internet-exposed services), and detection of misconfigurations.<\/p>\n<p>\u201cThe next security layer should be\u00a0reliable\u00a0world-class\u00a0protection\u00a0controls\u00a0that can eliminate most security incidents, using multiple layers of security, including IP\/URL reputation for all endpoints, and protection against fileless attacks.\u00a0<\/p>\n<p>\u201cImplementing IP, domain, and URL reputation\u2026is one of the most effective methods to stop automated vulnerability exploits. According to analysis in the <em><a href=\"https:\/\/www.computerweekly.com\/news\/252520615\/Ransomware-volumes-grew-faster-than-ever-in-2021\">Data breach investigations report 2022<\/a><\/em>, only 0.4% of the IPs that attempted RCEs were not seen in one of the previous attacks. 
Block bad IPs, domains or URLs on all devices, including endpoints, and prevent a security breach in your business environment.\u00a0<\/p>\n<p>\u201cFinally, for the few incidents that get through your defenses, lean on security operations, either in-house or through\u00a0<a href=\"https:\/\/www.youtube.com\/watch?v=TRp7uLYLGiQ\">a managed service<\/a>, and leverage strong\u00a0<a href=\"https:\/\/www.youtube.com\/watch?v=ReBDrsyyiSY&#038;ab_channel=BitdefenderEnterprise\">detection and response tools<\/a>. Modern threat actors often spend weeks or months doing active reconnaissance on networks, generating alerts and relying on the absence of detection and response capabilities,\u201d they said.<\/p>\n<p>The Bitdefender team found evidence of multiple different types of cyber attacks taking advantage of the two exploit chains.<\/p>\n<p>Among them were the deployment of remote access and administration tools, the use of web shells, likely by initial access brokers (IABs), the deployment of the Cuba ransomware, and the theft of credentials.<\/p>\n<\/section>\n<\/div>\n<p><a href=\"https:\/\/www.computerweekly.com\/news\/252529519\/SSRF-attacks-hit-100000-businesses-globally-since-November\" class=\"button purchase\" rel=\"nofollow noopener\" target=\"_blank\">Read More<\/a><br \/>\n Clora Catt<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Sk\u00f3rzewiak &#8211; stock.adobe.com There has been a dramatic increase in attacks exploiting the ProxyNotShell\/OWASSRF exploit chains to target Microsoft Exchange servers By Alex Scroxton, Security Editor Published: 24 Jan 2023 14:00 Security teams are warned to be on the lookout for a growing wave of opportunistic and largely untargeted cyber attacks exploiting two related 
exploit<\/p>\n","protected":false},"author":1,"featured_media":601078,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[234,2487,46],"tags":[],"class_list":{"0":"post-601077","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-attacks","8":"category-businesses","9":"category-technology"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/601077","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/comments?post=601077"}],"version-history":[{"count":0,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/601077\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media\/601078"}],"wp:attachment":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media?parent=601077"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/categories?post=601077"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/tags?post=601077"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}