Security Hot Takes: The Rackspace Breach
The Rackspace Hosted Exchange breach illustrates how a known, already-patched vulnerability chain — not a true zero-day — can still lead to a major ransomware incident when patching is de...
In early December 2022, Rackspace's Hosted Exchange email service was hit by a ransomware attack. The intrusion involved an externally facing service application being compromised — specifically a Microsoft Exchange server — and it resulted in ransomware being deployed against a cloud service provider's shared infrastructure.
The attack began the way most large-scale Exchange compromises begin: mass internet scanning. Threat actors scan the internet for Exchange services that are publicly exposed, fingerprinting them via HTTP response headers returned by the web service. Once a list of exposed Exchange servers has been built, the attackers cross-reference which of those servers are unpatched and therefore vulnerable, and then launch the exploit against that subset.
Sign in to read this course
A free account unlocks all 514 courses. 20 are readable without one.
What's inside
3 sections- 1 Table of Contents
- 2 Module 1: The Rackspace Hosted Exchange Ransomware Breach
- 3 Summary
More Security Hot Takes & Threat Intel courses
View all 21Hot Takes: Inside a Microsoft Ransomware Attack
The Marks & Spencer incident is a textbook example of how modern ransomware operations succeed by targeting identity infrastructure and virtualization hosts rather than individual endpoin...
IT Security Champion: Cyber Threat Intel and Emerging Threats
Security is everyone's job — not solely the responsibility of the security department. Adopting a security culture and a security mindset is the foundation of being an effective IT securi...
Security Hot Takes: The LastPass Breach
The LastPass breach is actually two distinct but connected security incidents, separated by several months, with confusing and inconsistent public communication from the company throughou...
Sandworm: Application Layer Protocol and Web Emulation
Command and control is the connective tissue of nearly every intrusion that progresses beyond initial access — without it, an attacker cannot issue commands, move laterally, or exfiltrate...
Security Hot Takes: SBOMs
security · hot · takes · sboms · threat · intel · networking · systems · sbom · bills · materials · concept · debate · mandate · software.
Security Hot Takes: The Aliquippa Water Breach
The Aliquippa Water Authority breach is a case study in how a basic, avoidable systems-integration failure — not a sophisticated exploit — can expose critical infrastructure to compromise...
Interested in this course?
Contact us to book it or get a custom training plan for your team.