Squirrelwaffle nearly triumphs in Microsoft Exchange Server scam scheme
An organization almost fell victim to an attack campaign that used Squirrelwaffle malware together with exploits for ProxyLogon and ProxyShell to target a Microsoft Exchange Server. Sophos researchers looked into the attack and broke down the methods of the malicious actors that went after the unnamed victim organization.
Despite its funny name, Squirrelwaffle is a dangerous type of malware that is spread through spam campaigns. Attackers hijacked an email thread and replied to messages with what appeared to be innocent attachments. Instead, they were documents that enabled macros to give control of a system to attackers.
A hijacked thread can be quite disarming. For example, a message may claim to be from someone who had been looped into a preexisting thread to share more information. As part of the campaign investigated by Sophos, attackers used a typo-squatted domain that looked similar to the domain a thread began in. This maneuver swapped the thread over to another domain that was less secure.
In this specific attack, the threat actors copied in several email addresses to appear legitimate.
"That's very understandable, I shall wait for your updates. Finance department is cc'ed in this email and would provide the updated banking details before long," said the first message by the attackers.
A later email pressured the victim to make a payment.
The attack was nearly successful. According to Sophos, the unnamed organization transferred money to the attackers, but the payment was flagged up and stopped by a financial institution.
While patching a Microsoft Exchange Server is important, more is needed to secure an organization.
"This is a good reminder that patching alone isn't always enough for protection," said Sophos researcher Matthew Everts to ZDNet. "In the case of vulnerable Exchange servers, for example, you also need to check the attackers haven't left behind a web shell to maintain access. And when it comes to sophisticated social engineering attacks such as those used in email thread hijacking, educating employees about what to look out for and how to report it is critical for detection."
The recently investigated attack was an evolution of previous Squirrelwaffle attacks. In this case, threat actors added the typo-squatting element to the campaign, which made it harder to defend against.
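The domain swap described above can be checked for mechanically. The following is an added example, not code from Sophos or the original article: it compares the address domains in a reply against those already in the thread and flags near-misses. The function names, the distance threshold of 2 and the sample messages are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # swapped neighbours, e.g. "li" vs "il"
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def header_domains(raw, headers):
    """Lower-cased domains of every address found in the named headers."""
    msg = message_from_string(raw)
    values = [v for h in headers for v in msg.get_all(h, [])]
    return {addr.rsplit("@", 1)[1].lower() for _, addr in getaddresses(values) if "@" in addr}

def lookalike_domains(original_raw, reply_raw, max_distance=2):
    """Return (new_domain, known_domain, distance) for near-miss domains in a reply."""
    known = header_domains(original_raw, ("From", "To", "Cc"))
    new = header_domains(reply_raw, ("From", "Reply-To", "Cc")) - known
    return sorted((n, k, d) for n in new for k in known
                  if 0 < (d := edit_distance(n, k)) <= max_distance)

# Constructed sample messages (reserved .example domains, not from the Sophos report).
ORIGINAL = """From: Alice <alice@northwind-trading.example>
To: Bob <bob@fabrikam.example>
Subject: Invoice 1042

Please find the invoice attached.
"""
HIJACKED_REPLY = """From: Alice <alice@northwind-tradlng.example>
To: Bob <bob@fabrikam.example>
Cc: finance@northwind-tradlng.example, payments@harbor-bank.example
Subject: Re: Invoice 1042

Finance is cc'ed and will send the updated details.
"""

if __name__ == "__main__":
    for new, known, dist in lookalike_domains(ORIGINAL, HIJACKED_REPLY):
        print(f"lookalike domain {new!r} is {dist} edit(s) from thread domain {known!r}")
```

A new but unrelated domain (here the constructed `harbor-bank.example`) is not flagged; only domains within a couple of edits of one already in the thread are reported, which is the pattern a typo-squatted reply produces.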
Updated February 2022
Source: https://www.windowscentral.com/squirrelwaffle-nearly-triumphs-microsoft-exchange-server-scam-scheme
Posted by: thomasfraidess.blogspot.com