Warning for MILLIONS of Microsoft users as worldwide 'update-resistant' threat spotted – how to stay safe | The Sun

MICROSOFT Exchange servers have been backdoored by threat actors worldwide.

Attackers are using a new malware to access Microsoft Exchange servers belonging to military and government entities in Europe, the Middle East, Africa and Asia.

Dubbed SessionManager, the malicious software poses as an Internet Information Services (IIS) module.

IIS is the legitimate web server installed by default on Microsoft Exchange servers. 

Typically, organizations enable IIS modules to streamline specific processes on their web infrastructure, per ARSTechnica.

Roughly 34 servers belonging to 24 organizations have been infected with SessionManager since March 2021, Security firm Kaspersky revealed.

Read more on Microsoft

Official warning for Internet Explorer users as Microsoft shuts down browser

Microsoft warning for BILLIONS as malicious files spotted – how to stay safe

As of June 2022, around 20 organizations remained infected, Kaspersky said in a blog post on Thursday.

What does SessionManager do?

SessionManager can accomplish a number of things for threat actors, according to a report by Bleeping Computer.

The malware can drop and manage arbitrary files on comprised servers, execute code remotely, and link the victim's network to the bad actor's network.

Most read in Tech


Minecraft YouTube star dies at 23 as sarcoma cancer battle revealed


Minecraft YouTuber passes away one year after cancer diagnosis


Nasa to reveal deepest image of universe EVER


Warning for iPhone users over 'battery killer' mistake that strains device

Kaspersky explained further: "The SessionManager backdoor enables threat actors to keep persistent, update-resistant and rather stealth access to the IT infrastructure of a targeted organization."

"Once dropped into the victim's system, cybercriminals behind the backdoor can gain access to company emails."

They can also update malicious access by installing other types of malware or "clandestinely manage compromised servers, which can be leveraged as malicious infrastructure."

How can I protect myself/my organization?

Backdoor attacks are difficult to detect, however, there are steps you can take to keep your device(s) safe.

For starters, use an Antivirus that can identify and prevent a wide range of malware, including trojans and spyware.

Be vigilant when downloading files from the internet as many of them can be compromised or loaded with malware.

Read More On The Sun

Minecraft YouTuber passes away one year after cancer diagnosis

Denise and Charlie’s daughter Lola, 17, involved in terrifying car crash

You will definitely also want to use a Firewall, which is considered essential for backdoor protection.

Firewalls monitor all incoming and outgoing traffic on your device – so if someone is trying to get into your device, the firewall will keep them out.

    Source: Read Full Article