Intermediate

Security Hot Takes: The Rackspace Breach

The Rackspace Hosted Exchange breach illustrates how a known, already-patched vulnerability chain — not a true zero-day — can still lead to a major ransomware incident when patching is de...

In early December 2022, Rackspace's Hosted Exchange email service was hit by a ransomware attack. The intrusion involved an externally facing service application being compromised — specifically a Microsoft Exchange server — and it resulted in ransomware being deployed against a cloud service provider's shared infrastructure.

The attack began the way most large-scale Exchange compromises begin: mass internet scanning. Threat actors scan the internet for Exchange services that are publicly exposed, fingerprinting them via HTTP response headers returned by the web service. Once a list of exposed Exchange servers has been built, the attackers cross-reference which of those servers are unpatched and therefore vulnerable, and then launch the exploit against that subset.

Sign in to read this course

A free account unlocks all 514 courses. 20 are readable without one.

What's inside

3 sections
  1. 1 Table of Contents
  2. 2 Module 1: The Rackspace Hosted Exchange Ransomware Breach
  3. 3 Summary

More Security Hot Takes & Threat Intel courses

View all 21

Interested in this course?

Contact us to book it or get a custom training plan for your team.