[WARNING] 20,000+ Organizations compromised in latest Exchange Attack.

And all of this... because on-premises Exchange admins didn't bother to configure IIS to limit admin access...
 
I had a client on Feb 26th whose laptop, all of a sudden, stopped talking/authenticating with the server. Her OST was fine, just Outlook wouldn't start normally (safe mode worked, but not connecting) and would error out, failing to connect to the server.

Logs complained of an authentication error - but it had been working for year(s). Known credentials were not working. So, I blew away that account and profile and added the Exchange server back in, and it seemingly worked fine... connection re-established and authenticating, emails and folders all downloaded.

Long story short (too late?), I made a long-term managed services customer out of this email issue, so imagine my surprise when I got a support ticket on the 1st (3 days later) from the same customer stating that:

hey there! I am not getting emails from John - fake.john@fakebiz.com. He has the same Exchange as I do, of course. I see them on my phone, but not my laptop. Also, I don't see them in spam. Need to receive ALL fakebiz emails as this is work. Many thanks - Jane Fake

Not sure why her phone was getting them (Exchange on phone, not POP or IMAP) - but we determined that was flaky at best.

This is what we found and sent back to her:
It has been noted that emails from other Fakebiz employees are not reaching client inbox. External non-Fakebiz emails are being received.

We can only conclude that something is wrong with the Exchange Server's internal routing of emails.

Outlook is synchronizing with the Exchange server (reported 100% sync), which indicates we have a good connection to the Exchange server. (The 100% status is 'agreed' upon by the Exchange server.)

If possible, we would like to broker talks between the Administrator(s) of the Exchange Server and see if they can shed any light on the issue (logs and settings are only available on the Exchange Server itself).

They never got back to her or me, so we can't reconcile the issue. When I saw this on Krebs last night, the lightbulb went off... I bet they got infected with this. I sent the article to her and she's sent it to them, lighting a fire under their butts, I hope.

I'm almost certain that Fakebiz's "IT Dept." consists of the owner or someone that doubles as the IT guy... hopefully they will consider opting for our services instead!

Anyway, if they are infected and the behavior I'm describing of their Exchange Server is indeed because of this, hopefully it helps someone else.