Rackspace, the global leader in cloud hosting and managed services, recently experienced a ransomware attack that bypassed one of its security mitigations. The company had implemented Microsoft’s ProxyNotShell mitigation to protect against ransomware attacks but failed to apply the latest update due to reports of issues with the patch.
The managed cloud hosting company Rackspace Technology has confirmed the massive ransomware attack on December 2 that disrupted email services for thousands of its small-to-midsize business clients.
The hackers employed a new technique to trigger a Remote Code Execution (RCE) vulnerability, known as CVE-2022-41082, by using another vulnerability called CVE-2022-41080. This technique allowed the hackers to bypass Rackspace’s ProxyNotShell mitigations, which were put into place to protect against such attacks.
The bypass was discovered by security analysts working for the company and led to an emergency patch being applied. The attackers were able to inject malicious code into a vulnerable system, which allowed them to bypass the mitigations that had been put in place.
“We are now highly confident that the root cause in this case pertains to a zero-day exploit associated with CVE-2022-41080,” Karen O’Reilly-Smith, chief security officer for Rackspace, told Dark Reading in an email response.
“Microsoft disclosed CVE-2022-41080 as a privilege escalation vulnerability and did not include notes for being part of a remote code execution chain that was exploitable.”
In light of this incident, Rackspace has warned other organisations to review their security measures and patch any known vulnerabilities in order to ensure they are protected against similar attacks. It is also important for companies to regularly monitor their networks in order to quickly detect any potential intrusions or malicious activity.
This attack on Rackspace serves as a reminder of how easily hackers can bypass security systems and the importance of staying up to date with cyber security protocols. Organisations should take all necessary steps to protect their networks, data, and customers.