Rackspace, the global leader in cloud hosting and managed services, recently experienced a ransomware attack that bypassed one of its security mitigations. The company had implemented Microsoft’s ProxyNotShell mitigation to protect against ransomware attacks but failed to apply the latest update due to reports of issues with the patch.

The managed cloud hosting company Rackspace Technology has confirmed the massive ransomware attack on December 2 that disrupted email services for thousands of its small-to-midsize business clients. 

The hackers employed a new technique to trigger a Remote Code Execution (RCE) vulnerability, known as CVE-2022-41082, by using another vulnerability called CVE-2022-41080. This technique allowed the hackers to bypass Rackspace’s ProxyNotShell mitigations, which were put into place to protect against such attacks. 

The bypass was discovered by security analysts working for the company and led to an emergency patch being applied. The attackers injected malicious code into a vulnerable system, which let them bypass the mitigations that had been put in place.

“We are now highly confident that the root cause in this case pertains to a zero-day exploit associated with CVE-2022-41080,” Karen O’Reilly-Smith, chief security officer for Rackspace, told Dark Reading in an email response. 

“Microsoft disclosed CVE-2022-41080 as a privilege escalation vulnerability and did not include notes for being part of a remote code execution chain that was exploitable.”

In light of this incident, Rackspace has warned other organisations to review their security measures and patch any known vulnerabilities in order to ensure they are protected against similar attacks. It is also important for companies to regularly monitor their networks in order to quickly detect any potential intrusions or malicious activity. 

This attack on Rackspace serves as a reminder of how easily hackers can bypass security systems and the importance of staying up to date with cyber security protocols. Organisations should take all necessary steps to protect their networks, data, and customers. 
