MICROSOFT Exchange servers have been backdoored by threat actors worldwide.
Attackers are using a new malware to access Microsoft Exchange servers belonging to military and government entities in Europe, the Middle East, Africa and Asia.
1
Dubbed SessionManager, the malicious software poses as an Internet Information Services (IIS) module.
IIS is the legitimate web server installed by default on Microsoft Exchange servers.
Typically, organizations enable IIS modules to streamline specific processes on their web infrastructure, per ARSTechnica.
Roughly 34 servers belonging to 24 organizations have been infected with SessionManager since March 2021, Security firm Kaspersky revealed.
As of June 2022, around 20 organizations remained infected, Kaspersky said in a blog post on Thursday.
What does SessionManager do?
SessionManager can accomplish a number of things for threat actors, according to a report by Bleeping Computer.
The malware can drop and manage arbitrary files on comprised servers, execute code remotely, and link the victim’s network to the bad actor’s network.
Most read in Tech
Kaspersky explained further: “The SessionManager backdoor enables threat actors to keep persistent, update-resistant and rather stealth access to the IT infrastructure of a targeted organization.”
“Once dropped into the victim’s system, cybercriminals behind the backdoor can gain access to company emails.”
They can also update malicious access by installing other types of malware or “clandestinely manage compromised servers, which can be leveraged as malicious infrastructure.”
How can I protect myself/my organization?
Backdoor attacks are difficult to detect, however, there are steps you can take to keep your device(s) safe.
For starters, use an Antivirus that can identify and prevent a wide range of malware, including trojans and spyware.
Be vigilant when downloading files from the internet as many of them can be compromised or loaded with malware.
You will definitely also want to use a Firewall, which is considered essential for backdoor protection.
Firewalls monitor all incoming and outgoing traffic on your device – so if someone is trying to get into your device, the firewall will keep them out.
