Source: Microsoft
What you need to know
- The Lemon Duck cryptocurrency mining botnet is being used to target unpatched Microsoft Exchange servers.
- Lemon Duck steals computer resources to mine for the Monero cryptocurrency.
- 92% of worldwide Exchange IPs were patched or mitigated as of March 25, according to Microsoft.
Unpatched Microsoft Exchange servers continue to be targeted by malicious groups. A post by Cisco Talos explains that a cryptocurrency botnet called Lemon Duck is being used by operators to target vulnerable Microsoft Exchange servers (via ZDNet). The botnet's goal is to install a payload onto devices that can then be used to steal computer processing power to mine the Monero cryptocurrency.
Microsoft took several steps to address the effects of the Exchange server vulnerabilities. The company rolled out mitigation tools and updated Microsoft Defender Antivirus to address the issues. As of a March 25 security report from Microsoft, 92% of known worldwide Exchange IPs are patched or mitigated. Despite these efforts, there are still a large number of unpatched devices.
Talos explains why it has "medium confidence" that these recent events are related to Microsoft Exchange server vulnerabilities:
While analyzing telemetry related to ongoing Lemon Duck campaigns, we identified malicious activity being conducted on endpoints whose host names indicated they may be mail servers running Microsoft Exchange. This elevated our level of confidence that they may have been compromised by exploitation attempts targeting the previously described Microsoft Exchange vulnerabilities, with variants of known web shells being uploaded following successful system compromise.
Lemon Duck also utilizes Cobalt Strike, which is a software platform used by security penetration testers and as well as malicious actors. Using Cobalt Strike represents an evolution for Lemon Duck, according to Talos. The researchers state that using Cobalt Strike shows that the people behind Lemon Duck "continue to refine their approach to the attack lifecycle over time as they identify opportunities to increase their efficiency as well as the effectiveness of their attacks."
We may earn a commission for purchases using our links. Learn more.
Review: BenQ's SW271C is a high-end 4K monitor made for photo editing
If you liked the BenQ SW271, you should love the upgraded SW271C. Is the extra price tacked on worth the extra features? Our review has the details.
Microsoft's Surface event is set for Sept 22 — here's what to expect
Microsoft has announced that its annual fall Surface hardware event will be taking place on September 22, which is just one week away. We're expecting five new Surface devices to be announced, including a push for Windows 11.
There could be too many semiconductors by 2023, according to IDC
The global chip shortage led manufacturers to increase their ability to create semiconductors. This will take time to affect the supply of chips but could lead to an oversupply by 2023.
Keep the noise down with these office-friendly keyboards
When you're getting work done in your office, it's generally ideal to use quieter keyboards that won't distract you from your work. Here are the best ones on the market that we recommend.