Cybereason unveils campaign to leverage Microsoft Exchange vulnerabilities

by Zoe Deighton Smythe
22/04/2021
in Cyber Security, PRESS RELEASE

Cybereason has announced the discovery of a widespread, global campaign seeking to propagate the Prometei Botnet, by targeting organisations with a multi-stage attack to steal processing power to mine bitcoin. The threat actors, who appear to be Russian speakers, are taking advantage of previously disclosed Microsoft Exchange vulnerabilities leveraged in the Hafnium attacks to penetrate networks.

Prometei is designed to ensure persistence on infected machines, and while it was first reported on in July 2020, Cybereason assesses that the botnet actually dates back to at least 2016, a year before the now infamous WannaCry and NotPetya malware attacks that affected more than 200 countries and caused billions in damages.

“The Prometei Botnet poses a big risk for companies because it has been under-reported. When the attackers take control of infected machines, they are not only capable of mining bitcoin by stealing processing power, but could exfiltrate sensitive information as well,” said Assaf Dahan, Senior Director and Head of Threat Research, Cybereason.

“If they desire to do so, the attackers could also infect the compromised endpoints with other malware and collaborate with ransomware gangs to sell access to the endpoints. And to make matters worse, cryptomining drains valuable network computing power, negatively impacting business operations and the performance and stability of critical servers,” said Assaf Dahan, senior director and head of threat research, Cybereason.

Key findings from the research include:

● Wide range of Victims: Victims have been observed across a variety of industries, including: Finance, Insurance, Retail, Manufacturing, Utilities, Travel and Construction. Infected companies are based in countries around the world, including the United States, United Kingdom, Germany, France, Spain, Italy and other European countries, South America and East Asia.

● Russian Speaking Threat Actor: The threat actor appears to be Russian speaking and is purposely avoiding infections in former Soviet bloc countries. 

● Exploiting SMB and RDP Vulnerabilities: The main objective of Prometei is to install the Monero crypto miner on corporate endpoints. To spread across networks, the threat actor is using known Microsoft Exchange vulnerabilities, in addition to known exploits EternalBlue and BlueKeep. 

● Cross-Platform Threat: Prometei has both Windows based and Linux-Unix based versions, and it adjusts its payload based on the detected operating system on the targeted machines when spreading across the network.

● Cybercrime with APT Flavour: Cybereason assesses that the Prometei Botnet operators are financially motivated and intent on generating hefty sums of bitcoin, but are likely not backed by a nation-state.

● Resilient C2 Infrastructure: Prometei is designed to interact with four different C2 servers, which strengthens the botnet’s infrastructure and maintains continuous communications, making it more resistant to takedowns.

Recommendations to organisations on containing the Microsoft Exchange vulnerability include continuously hunting in the environment for threats and strong patch management policies to ensure that all patches are regularly installed. In addition, critical network assets should be hardened, multi-factor authentication should be used, and endpoint detection and response tools should be installed.

https://www.cybereason.com/

Tags: campaign, Cyber attacks, cyber security, Cybereason, Microsoft, Prometei Botnet