The password-stealing malware has been targeting Microsoft’s Outlook Web Application (OWA), and Cybereason reports that the hackers have accessed more than 11,000 usernames and passwords.
Hackers placed a backdoor DLL file on the OWA server that allowed them to record login credentials from the affected organization. The malicious DLL file could be reloaded every time the server was restarted, showing that the hackers had built in measures to ensure that the backdoor would not be removed.
The authors of the Cybereason report, Yonatan Striem-Amit and Yoav Orot, state that the “configuration of OWA created an ideal attack platform because the server was exposed both internally and externally. Moreover, because OWA authentication is based on domain credentials, whoever gains access to the OWA server becomes the owner of the entire organization’s domain credentials.”
This may be especially troubling for Microsoft, considering the cloud has been a driving force of revenue for the company. Microsoft’s most recent earnings release revealed that commercial cloud revenue has grown 88% in the past quarter and that Office 365 subscribers increased by nearly 3 million to a total of 15.2 million subscribers.
A Microsoft spokesperson told Slate: “The report conveniently skips over the important details of how an attacker might 'gain a foothold into a highly strategic asset' if a system is properly managed, secured, and up to date. For all types of critical servers and applications, we recommend IT administrators use the latest products and services, in combination with industry best practices for IT management.”
This year, Microsoft has released 105 security bulletins, a substantial increase from 2014 when Microsoft released 85 security bulletins.
Microsoft’s next security bulletin release is expected a week from today, on Tuesday, Oct. 13.