{"id":6109,"date":"2021-11-12T16:35:26","date_gmt":"2021-11-12T14:35:26","guid":{"rendered":"https:\/\/www.retarus.com\/blog\/it\/nuova-ondata-di-perfidi-attacchi-attraverso-server-exchange-presi-in-ostaggio"},"modified":"2024-05-07T20:06:40","modified_gmt":"2024-05-07T18:06:40","slug":"new-wave-of-sneaky-attacks-on-hijacked-exchange-servers","status":"publish","type":"post","link":"https:\/\/www.retarus.com\/blog\/it\/new-wave-of-sneaky-attacks-on-hijacked-exchange-servers\/","title":{"rendered":"New wave of sneaky attacks via hijacked Exchange servers"},"content":{"rendered":"

Recently, a number of compromised Exchange servers have been affected by a particularly insidious wave of e-mail attacks. As with Emotet in the past, recipients are currently receiving fake replies to genuine e-mail conversations. These fake replies contain links to malware. However, the e-mails are sent through the legitimate mail servers of the original senders.

This makes it extremely difficult to filter these messages technically or for recipients to spot them on their own. According to a notice issued by the \u201cBundesamt f\u00fcr Sicherheit in der Informationstechnik\u201d (BSI, the German Federal Office for Information Security), the links lead the user to various malware, including Quakbot (extremely dangerous), DanaBot and SquirrelWaffle.

At present, it is not known how the attackers gain access to the mail traffic, nor which Microsoft Exchange vulnerability specifically is being exploited to launch this new wave of attacks. The BSI assumes that the affected servers were taken over some time ago without anyone noticing. The corresponding access credentials are currently being traded on underground marketplaces on the Internet. Because they build on an extension of the impersonation principle, the new fake e-mails could be more effective than Emotet was in its day (although for the moment the number of messages sent is still far lower).

The BSI advises companies and organizations that suspect their Exchange server has been compromised to reinstall the Exchange server and restore the necessary data. For these and other cases, Retarus offers the Email Continuity service, which is deliberately not based on Microsoft products. The service provides preconfigured, ready-to-use webmail mailboxes. Message routing can then be redirected immediately to this \u201cactive\u201d backup, ensuring that staff can continue to communicate without interruption.

Email Continuity is closely integrated with Retarus Email Security, which of course also protects the emergency mailboxes. If required, other services of the Retarus Secure Email Platform, including encryption or e-mail archiving, can also be used in the failover solution.","protected":false},"excerpt":{"rendered":"

Recently, a number of compromised Exchange servers have been affected by a particularly insidious wave of e-mail attacks. Recipients receive fake replies to genuine e-mail conversations that contain links to malware; these fake replies are sent through the legitimate mail servers of the original senders.\n","protected":false},"author":14,"featured_media":7964,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[8,15],"tags":[2927,3665],"dipi_cpt_category":[],"class_list":["post-6109","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","category-security","tag-email-continuity","tag-exchange"],"acf":[],"yoast_head":"\nNuova ondata di perfidi attacchi attraverso server Exchange presi in ostaggio - Retarus Corporate Blog - IT<\/title>\n<meta name=\"description\" content=\"Kompromittierte Exchange-Server werden aktuell f\u00fcr eine besonders heimt\u00fcckische Angriffswelle via E-Mail missbraucht. 
Die Empf\u00e4nger erhalten vorgebliche Antworten auf echte E-Mail-Unterhaltungen, die Links auf Schadsoftware enthalten \u2013 verschickt \u00fcber die legitimen Mail-Server der Absender.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.retarus.com\/blog\/it\/new-wave-of-sneaky-attacks-on-hijacked-exchange-servers\/\" \/>\n<meta property=\"og:locale\" content=\"it_IT\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Nuova ondata di perfidi attacchi attraverso server Exchange presi in ostaggio\" \/>\n<meta property=\"og:description\" content=\"Kompromittierte Exchange-Server werden aktuell f\u00fcr eine besonders heimt\u00fcckische Angriffswelle via E-Mail missbraucht. Die Empf\u00e4nger erhalten vorgebliche Antworten auf echte E-Mail-Unterhaltungen, die Links auf Schadsoftware enthalten \u2013 verschickt \u00fcber die legitimen Mail-Server der Absender.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.retarus.com\/blog\/it\/new-wave-of-sneaky-attacks-on-hijacked-exchange-servers\/\" \/>\n<meta property=\"og:site_name\" content=\"Retarus Corporate Blog - IT\" \/>\n<meta property=\"article:published_time\" content=\"2021-11-12T14:35:26+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-05-07T18:06:40+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.retarus.com\/blog\/it\/wp-content\/uploads\/sites\/27\/2024\/05\/shutterstock_1378498490.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"1080\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Thomas Cloer\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Scritto da\" \/>\n\t<meta name=\"twitter:data1\" content=\"Thomas Cloer\" 
\/>\n\t<meta name=\"twitter:label2\" content=\"Tempo di lettura stimato\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minuti\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.retarus.com\/blog\/it\/new-wave-of-sneaky-attacks-on-hijacked-exchange-servers\/\",\"url\":\"https:\/\/www.retarus.com\/blog\/it\/new-wave-of-sneaky-attacks-on-hijacked-exchange-servers\/\",\"name\":\"Nuova ondata di perfidi attacchi attraverso server Exchange presi in ostaggio - Retarus Corporate Blog - IT\",\"isPartOf\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/it\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/it\/new-wave-of-sneaky-attacks-on-hijacked-exchange-servers\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/it\/new-wave-of-sneaky-attacks-on-hijacked-exchange-servers\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.retarus.com\/blog\/it\/wp-content\/uploads\/sites\/27\/2024\/05\/shutterstock_1378498490.jpg\",\"datePublished\":\"2021-11-12T14:35:26+00:00\",\"dateModified\":\"2024-05-07T18:06:40+00:00\",\"author\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/it\/#\/schema\/person\/7f8954d8bf84d75cf384942c5f6cf2e5\"},\"description\":\"Kompromittierte Exchange-Server werden aktuell f\u00fcr eine besonders heimt\u00fcckische Angriffswelle via E-Mail missbraucht. 
Die Empf\u00e4nger erhalten vorgebliche Antworten auf echte E-Mail-Unterhaltungen, die Links auf Schadsoftware enthalten \u2013 verschickt \u00fcber die legitimen Mail-Server der Absender.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/it\/new-wave-of-sneaky-attacks-on-hijacked-exchange-servers\/#breadcrumb\"},\"inLanguage\":\"it-IT\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.retarus.com\/blog\/it\/new-wave-of-sneaky-attacks-on-hijacked-exchange-servers\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\/\/www.retarus.com\/blog\/it\/new-wave-of-sneaky-attacks-on-hijacked-exchange-servers\/#primaryimage\",\"url\":\"https:\/\/www.retarus.com\/blog\/it\/wp-content\/uploads\/sites\/27\/2024\/05\/shutterstock_1378498490.jpg\",\"contentUrl\":\"https:\/\/www.retarus.com\/blog\/it\/wp-content\/uploads\/sites\/27\/2024\/05\/shutterstock_1378498490.jpg\",\"width\":1920,\"height\":1080,\"caption\":\"Malware\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.retarus.com\/blog\/it\/new-wave-of-sneaky-attacks-on-hijacked-exchange-servers\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.retarus.com\/blog\/it\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Nuova ondata di perfidi attacchi attraverso server Exchange presi in ostaggio\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.retarus.com\/blog\/it\/#website\",\"url\":\"https:\/\/www.retarus.com\/blog\/it\/\",\"name\":\"Retarus Corporate Blog - IT\",\"description\":\"Sempre 
aggiornati\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.retarus.com\/blog\/it\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"it-IT\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.retarus.com\/blog\/it\/#\/schema\/person\/7f8954d8bf84d75cf384942c5f6cf2e5\",\"name\":\"Thomas Cloer\",\"url\":\"https:\/\/www.retarus.com\/blog\/it\/author\/thomasc\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Nuova ondata di perfidi attacchi attraverso server Exchange presi in ostaggio - Retarus Corporate Blog - IT","description":"Kompromittierte Exchange-Server werden aktuell f\u00fcr eine besonders heimt\u00fcckische Angriffswelle via E-Mail missbraucht. Die Empf\u00e4nger erhalten vorgebliche Antworten auf echte E-Mail-Unterhaltungen, die Links auf Schadsoftware enthalten \u2013 verschickt \u00fcber die legitimen Mail-Server der Absender.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.retarus.com\/blog\/it\/new-wave-of-sneaky-attacks-on-hijacked-exchange-servers\/","og_locale":"it_IT","og_type":"article","og_title":"Nuova ondata di perfidi attacchi attraverso server Exchange presi in ostaggio","og_description":"Kompromittierte Exchange-Server werden aktuell f\u00fcr eine besonders heimt\u00fcckische Angriffswelle via E-Mail missbraucht. 
Die Empf\u00e4nger erhalten vorgebliche Antworten auf echte E-Mail-Unterhaltungen, die Links auf Schadsoftware enthalten \u2013 verschickt \u00fcber die legitimen Mail-Server der Absender.","og_url":"https:\/\/www.retarus.com\/blog\/it\/new-wave-of-sneaky-attacks-on-hijacked-exchange-servers\/","og_site_name":"Retarus Corporate Blog - IT","article_published_time":"2021-11-12T14:35:26+00:00","article_modified_time":"2024-05-07T18:06:40+00:00","og_image":[{"width":1920,"height":1080,"url":"https:\/\/www.retarus.com\/blog\/it\/wp-content\/uploads\/sites\/27\/2024\/05\/shutterstock_1378498490.jpg","type":"image\/jpeg"}],"author":"Thomas Cloer","twitter_card":"summary_large_image","twitter_misc":{"Scritto da":"Thomas Cloer","Tempo di lettura stimato":"2 minuti"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.retarus.com\/blog\/it\/new-wave-of-sneaky-attacks-on-hijacked-exchange-servers\/","url":"https:\/\/www.retarus.com\/blog\/it\/new-wave-of-sneaky-attacks-on-hijacked-exchange-servers\/","name":"Nuova ondata di perfidi attacchi attraverso server Exchange presi in ostaggio - Retarus Corporate Blog - IT","isPartOf":{"@id":"https:\/\/www.retarus.com\/blog\/it\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.retarus.com\/blog\/it\/new-wave-of-sneaky-attacks-on-hijacked-exchange-servers\/#primaryimage"},"image":{"@id":"https:\/\/www.retarus.com\/blog\/it\/new-wave-of-sneaky-attacks-on-hijacked-exchange-servers\/#primaryimage"},"thumbnailUrl":"https:\/\/www.retarus.com\/blog\/it\/wp-content\/uploads\/sites\/27\/2024\/05\/shutterstock_1378498490.jpg","datePublished":"2021-11-12T14:35:26+00:00","dateModified":"2024-05-07T18:06:40+00:00","author":{"@id":"https:\/\/www.retarus.com\/blog\/it\/#\/schema\/person\/7f8954d8bf84d75cf384942c5f6cf2e5"},"description":"Kompromittierte Exchange-Server werden aktuell f\u00fcr eine besonders heimt\u00fcckische Angriffswelle via E-Mail missbraucht. 
Die Empf\u00e4nger erhalten vorgebliche Antworten auf echte E-Mail-Unterhaltungen, die Links auf Schadsoftware enthalten \u2013 verschickt \u00fcber die legitimen Mail-Server der Absender.","breadcrumb":{"@id":"https:\/\/www.retarus.com\/blog\/it\/new-wave-of-sneaky-attacks-on-hijacked-exchange-servers\/#breadcrumb"},"inLanguage":"it-IT","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.retarus.com\/blog\/it\/new-wave-of-sneaky-attacks-on-hijacked-exchange-servers\/"]}]},{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/www.retarus.com\/blog\/it\/new-wave-of-sneaky-attacks-on-hijacked-exchange-servers\/#primaryimage","url":"https:\/\/www.retarus.com\/blog\/it\/wp-content\/uploads\/sites\/27\/2024\/05\/shutterstock_1378498490.jpg","contentUrl":"https:\/\/www.retarus.com\/blog\/it\/wp-content\/uploads\/sites\/27\/2024\/05\/shutterstock_1378498490.jpg","width":1920,"height":1080,"caption":"Malware"},{"@type":"BreadcrumbList","@id":"https:\/\/www.retarus.com\/blog\/it\/new-wave-of-sneaky-attacks-on-hijacked-exchange-servers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.retarus.com\/blog\/it\/"},{"@type":"ListItem","position":2,"name":"Nuova ondata di perfidi attacchi attraverso server Exchange presi in ostaggio"}]},{"@type":"WebSite","@id":"https:\/\/www.retarus.com\/blog\/it\/#website","url":"https:\/\/www.retarus.com\/blog\/it\/","name":"Retarus Corporate Blog - IT","description":"Sempre aggiornati","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.retarus.com\/blog\/it\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"it-IT"},{"@type":"Person","@id":"https:\/\/www.retarus.com\/blog\/it\/#\/schema\/person\/7f8954d8bf84d75cf384942c5f6cf2e5","name":"Thomas 
Cloer","url":"https:\/\/www.retarus.com\/blog\/it\/author\/thomasc\/"}]}},"_links":{"self":[{"href":"https:\/\/www.retarus.com\/blog\/it\/wp-json\/wp\/v2\/posts\/6109","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.retarus.com\/blog\/it\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.retarus.com\/blog\/it\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/it\/wp-json\/wp\/v2\/users\/14"}],"replies":[{"embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/it\/wp-json\/wp\/v2\/comments?post=6109"}],"version-history":[{"count":5,"href":"https:\/\/www.retarus.com\/blog\/it\/wp-json\/wp\/v2\/posts\/6109\/revisions"}],"predecessor-version":[{"id":8981,"href":"https:\/\/www.retarus.com\/blog\/it\/wp-json\/wp\/v2\/posts\/6109\/revisions\/8981"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/it\/wp-json\/wp\/v2\/media\/7964"}],"wp:attachment":[{"href":"https:\/\/www.retarus.com\/blog\/it\/wp-json\/wp\/v2\/media?parent=6109"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/it\/wp-json\/wp\/v2\/categories?post=6109"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/it\/wp-json\/wp\/v2\/tags?post=6109"},{"taxonomy":"dipi_cpt_category","embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/it\/wp-json\/wp\/v2\/dipi_cpt_category?post=6109"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}