Free Republic

Rackspace confirms ransomware attack behind days-long email meltdown
The Register ^ | 12/06/2022 | Jessica Lyons Hardcastle

Posted on 12/08/2022 2:34:50 PM PST by linMcHlp

UPDATED Rackspace has admitted a ransomware infection was to blame for the days-long email outage that disrupted services for customers.

The security snafu took down some of Rackspace's hosted Microsoft Exchange services on Friday afternoon [12/02/2022]. In its most recent update, posted at 0826 Eastern Time on Tuesday [12/06/2022], Rackspace said it has now "determined this suspicious activity was the result of a ransomware incident," and has hired a "leading cyber defense firm to investigate."

The company hasn't yet determined what customer data was touched. "If we determine sensitive information was affected, we will notify customers as appropriate," it added.

(Excerpt) Read more at theregister.com ...


TOPICS: Computers/Internet; Reference; Science
KEYWORDS: exchangeemail; hacking; hosting; ransomware

1 posted on 12/08/2022 2:34:50 PM PST by linMcHlp

To: linMcHlp

Rackspace Status:

https://status.apps.rackspace.com/


2 posted on 12/08/2022 2:36:04 PM PST by linMcHlp

To: linMcHlp

One would think that a large organization such as this would have absolutely the best cyber security around. But I’m not all that surprised. Many companies skimp on their security and hope they don’t get hit. It happens more than people realize.


3 posted on 12/08/2022 3:29:46 PM PST by oldguy1776

To: oldguy1776

Rackspace Hosted Exchange Outage Due to Security Incident
https://www.searchenginejournal.com/rackspace-hosted-exchange-outage-due-to-security-incident/473062/

Excerpted from that info:

These are the two most current vulnerabilities:

CVE-2022-41040
Microsoft Exchange Server Server-Side Request Forgery (SSRF) Vulnerability
A Server Side Request Forgery (SSRF) attack allows a hacker to read and change data on the server.

CVE-2022-41082
Microsoft Exchange Server Remote Code Execution Vulnerability
A Remote Code Execution Vulnerability is one in which an attacker is able to run malicious code on a server.

- - -

A recent TechCrunch article:

https://techcrunch.com/2022/12/06/rackspace-blames-ransomware-attack-for-ongoing-exchange-outage/

EXCERPT:

[S]ecurity researcher Kevin Beaumont believes the incident may involve exploitation of the Microsoft Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082, better known as ProxyNotShell. ProxyNotShell first came to light in late September after Vietnamese cybersecurity company GTSC observed it being exploited in the wild. Microsoft confirmed exploitation the following month and linked it to a state-sponsored hacker group.


4 posted on 12/08/2022 6:39:46 PM PST by linMcHlp

To: oldguy1776
One would think that a large organization such as this would have absolutely the best cyber security around.

Pretty much, if you're using Microsoft Exchange, you really don't give a crap about security. What a virus and worm magnet.

5 posted on 12/08/2022 7:35:13 PM PST by zeugma (Stop deluding yourself that America is still a free country.)
