Exim is a mail transfer agent used on Linux-like operating systems. It is free software and is used by as many as 57% of the Internet's email servers. Over the past couple of weeks, a large number of Exim servers have come under attack from two separate hacker groups.
In typical fashion, any time a new vulnerability is released there is always a person or group that tries to exploit it in the wild. CVE-2019-10149 is a security flaw that was publicly disclosed on June 5. It is a remote command execution vulnerability caused by improper validation of the recipient address in the deliver_message() function.
It is estimated that there are between 500,000 and 5.4 million Exim servers currently installed across the Internet. The attacks seen to date take over unpatched systems via a worm. The compromised host then scans the Internet for other servers and attempts to infect them as well. Infected servers are then configured as cryptocurrency miners.
Some organizations have also reported that these attacks create a back door into Exim servers by downloading a shell script that adds an SSH key to the root account.
According to many organizations on Twitter, the first wave of attacks began on June 9. According to those reporting the exploit, there are two command and control servers, one of which is known; its address is http://173[.]212.214.137/s
The second type of attack is a little harder to identify, but basically goes something like this:
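A triage check for the activity described above, added here as an example and not taken from the original post: it flags `exim -bV` banners whose upstream version falls in 4.87 to 4.91 (the affected range from the public CVE-2019-10149 advisory, which this post does not state) and finds log lines that mention the command and control address quoted above. The function names and the sample banners and log lines are constructed for illustration.

```python
import re

# Affected upstream range per the public CVE-2019-10149 advisory
# (assumption: this range is not stated in the post itself).
VULN_MIN, VULN_MAX = (4, 87), (4, 91)
# C2 address quoted in the post, stored defanged and refanged only to match.
C2_DEFANGED = "173[.]212.214.137"
_BANNER = re.compile(r"Exim version (\d+)\.(\d+)")

def exim_version(banner):
    """Return (major, minor) parsed from `exim -bV` output, or None."""
    m = _BANNER.search(banner)
    return (int(m.group(1)), int(m.group(2))) if m else None

def is_affected(banner):
    """True if the reported upstream version falls in the affected range.

    Distributions backport fixes without bumping the upstream number, so
    True means "verify the package changelog", not "confirmed vulnerable".
    """
    v = exim_version(banner)
    return v is not None and VULN_MIN <= v <= VULN_MAX

def c2_hits(lines):
    """Return 1-based numbers of lines that mention the C2 address."""
    ip = C2_DEFANGED.replace("[.]", ".")
    # Accept "." or "[.]" between octets; reject longer look-alike strings.
    dot = r"(?:\.|\[\.\])"
    pat = re.compile(r"(?<![\d.])" + dot.join(ip.split(".")) + r"(?!\d)")
    return [n for n, line in enumerate(lines, 1) if pat.search(line)]

# Constructed sample inputs, not output from a real host.
SAMPLE_BANNERS = [
    "Exim version 4.90_1 #2 built 14-Feb-2018 16:01:14",
    "Exim version 4.92 #3 built 05-Jun-2019 10:00:00",
    "Exim version 4.86_2 #1 built 01-Jan-2016 00:00:00",
]
SAMPLE_LOG = [
    "Jun 10 03:12:01 mx1 proxy: GET http://173.212.214.137/s 200",
    "Jun 10 03:12:05 mx1 proxy: GET http://173.212.214.13/status 200",
    "Jun 10 09:40:22 mx1 ticket: analyst noted 173[.]212.214.137 in report",
    "Jun 10 09:41:00 mx1 proxy: GET http://1173.212.214.137/ 200",
]

if __name__ == "__main__":
    for b in SAMPLE_BANNERS:
        print(exim_version(b), "affected" if is_affected(b) else "ok")
    print("C2 lines:", c2_hits(SAMPLE_LOG))
```

A hit from `c2_hits` on a mail server is a reason to also review the root account's `authorized_keys` for the SSH key back door the post describes.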
Justin (he/him) is the founder and CEO of NuHarbor Security, where he continues to advance modern integrated cybersecurity services. He has over 20 years of cybersecurity experience, much of it earned while leading security efforts for multinational corporations, most recently serving as global CISO at Keurig Green Mountain Coffee. Justin serves multiple local organizations in the public interest, including his board membership at Champlain College.