Total Tests:

FBI shuts down web shells in hacked Exchange servers

By Danny Bradbury for IT PRO
Thursday, April 15, 2021

The FBI has used a search warrant to access Exchange servers vulnerable to the ProxyLogon exploit, copy the offending web shells for evidence, and then remove them.

Ilia Kolochenko CEO, founder, and chief architect at ImmuniWeb, told ITPro this was a wise move given exposed web shells indicate server owners are unaware of the server or grossly negligent by having unpatched and compromised system exposed to the internet.

“Hacked servers are actively used in sophisticated attacks against other systems, amplify phishing campaigns and hinder investigation of other intrusions by using the breached servers as chained proxies,” Kolochenko said.

“Thus, arguably, such preventive removal may be considered a legitimate self-defense in cyberspace. In any case, neither hackers nor server owners will probably complain or file a lawsuit for unwarranted intrusion. What is interesting, is whether the FBI later transfers the list of sanitized servers to FTC or state attorney generals for investigation of bad data protection practices in violation of state and federal laws.”

In related news, the Cybersecurity and Infrastructure Security Agency (CISA) has ordered agencies to apply new security patches for vulnerable exchange servers. The updates mitigate significant vulnerabilities that affect on-premises Exchange Servers 2013, 2016, and 2019. Read Full Article


Book a Call Ask a Question
Close
Talk to ImmuniWeb Experts
ImmuniWeb AI Platform
Have a Technical Question?

Our security experts will answer within
one business day. No obligations.

Have a Sales Question?
Email:
Tel: +41 22 560 6800 (Switzerland)
Tel: +1 720 605 9147 (USA)
*
*
*
*
Your data will stay private and confidential