Microsoft Exchange targeted for IcedID reply-chain hijacking attacks
IcedID was first reported on by IBM X-Force in November 2017 and the malware shared some code with Pony. This banking trojan was designed to steal banking credentials but has been observed being used to deploy ransomware. A popular attack vector for IcedID is via phishing emails. The infection chain that commonly has been used is an email with an attached password protected “zip” archive.
Recently researchers at Intezer have discovered a further evolution of the threat actors’ technique, whereby actors use compromised Microsoft Exchange servers to send the phishing emails from the account that they stole from. The researchers also state that:
“The payload has also moved away from using office documents to the use of ISO files with a Windows LNK file and a DLL file. The use of ISO files allows the threat actor to bypass the Mark-of-the-Web controls, resulting in execution of the malware without warning to the user.”
In the current campaign researchers have seen organisations within energy, healthcare, law, and pharmaceutical sectors targeted.
While Intezer’s report focuses on current and ongoing activity, it is unclear when this campaign started. It is possible that it started five months ago. In November 2021, a Trend Micro report described a wave of attacks using ProxyShell and ProxyLogon vulnerabilities in exposed Microsoft Exchange servers to hijack internal email reply-chains and spread malware-laced documents.
With thanks to the Cyber Defence Alliance and BleepingComputer. The full story is here: https://www.bleepingcomputer.com/news/security/microsoft-exchange-targeted-for-icedid-reply-chain-hijacking-attacks/
Get Your Customized Automated Security Awareness Program, ASAP!
Many IT pros don’t exactly know where to start when it comes to creating a security awareness program that will work for their organization.
We’ve taken away all the guesswork with our Automated Security Awareness Program (ASAP).
ASAP is a revolutionary tool for IT professionals, which allows you to create a customized Security Awareness Program for your organization that will show you all the steps needed to create a fully mature training program in just a few minutes!
Here’s how it works:
- Answer seven questions about your organization’s goals, compliance needs, and culture
- ASAP recommends suggested training content based on your answers
- See a detailed calendar with a customized task lisk to get your program started
- Easily export detailed and executive summary PDF versions of your program
- Get a fully mature awareness program ready in 5 minutes
PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/asap-partner?partnerid=001a000001lWEoJAAW