Cybercriminals continue to exploit unpatched Microsoft Exchange servers. Cybersecurity investigators at Sophos report that an unknown attacker has been trying to use the ProxyLogon exploit to install a malicious Monero cryptominer on Exchange servers, with the payload hosted on a compromised Exchange server.
Attackers are scanning the internet for vulnerable Microsoft Exchange servers that they can exploit to mine cryptocurrency. “Free money for attackers,” warn cybersecurity researchers.
Monero is not as valuable as Bitcoin, but it is easy to install and, especially important for cybercriminals, provides a lot of anonymity, which makes the wallet owner, and those behind the attack, difficult to track.
Cybersecurity investigators at Sophos reported that the threat actor's Monero wallet began earning money on March 9 (the Patch Tuesday when the Exchange updates were released as part of the update cycle), which coincides with when researchers first saw the attack.
Over time, the attacker lost several servers and the cryptomining output declined, but the attacker then gained new servers that more than made up for the initial loss, Sophos reported.
While the risk from cryptocurrency miners may not sound as bad as hacking or the loss of sensitive data, it is still a concern for organizations.