Live Cyber Attack Lab 🎯 Watch our IR team detect & respond to a rogue insider trying to steal data! Choose a Session


Threat Update 32 – Lemon Duck Floats on Exchange ProxyLogon Vulnerability

Data Security

What’s better than cryptocurrency? FREE cryptocurrency, right? Not if you’re one of the many victims of the Lemon Duck cryptomining botnet who is footing the bill for the “free” (to them) mining operations.

Not content to rest on their laurels, this ever-evolving cryptocurrency botnet started targeting Exchange servers vulnerable to ProxyLogon.

Join Kilian and Kyle Roth from the Varonis Incident Response Team as they discuss this new botnet functionality, and how Varonis helped detect, investigate, and respond to this attack in the field.

Articles referenced in this video:
Bleeping Computer: Microsoft Exchange exploits now used by cryptomining malware
Microsoft blog: Analyzing attacks taking advantage of the Exchange Server vulnerabilities

Not sure how to check if you are vulnerable to ProxyLogon? This video walks you through the use of some of the free vulnerability checker tools:​

👋To learn how else we can help, please visit us at:​

Varonis customers also get access to great educational content to help support them on their journey:

Kilian Englert

Kilian Englert

Kilian has a background in enterprise security engineering, as well as security solution selling. Kilian is a Certified Information Systems Security Professional (CISSP) and creates internal and public content on topics related to cyber security and technology best practices.


Does your cybersecurity start at the heart?

Get a highly customized data risk assessment run by engineers who are obsessed with data security.