Microsoft has warned that malicious hackers are exploiting a discontinued web server found on common Internet of Things (IoT) devices to target organizations in the energy sector.

In an analysis published on Tuesday, Microsoft researchers said they had discovered a vulnerable open-source component in the Boa web server, which is still widely used in a variety of routers and security cameras, as well as in popular software development kits (SDKs).


Despite the software’s retirement in 2005, the tech giant identified the component while investigating a suspected hack into the Indian power grid detailed by Recorded Future in April, where Chinese state-sponsored attackers used IoT devices to gain a foothold on operational technology (OT) networks, which are used to monitor and control physical industrial systems.

Microsoft said it identified 1 million Boa server components exposed to the Internet globally over the span of a week, warning that the vulnerable component represents a “supply chain risk that could affect millions of organizations and devices.”

The company added that it continues to see attackers trying to exploit Boa flaws, which include a high severity information disclosure bug (CVE-2021-33558) and another arbitrary file access flaw (CVE-2017-9833).

“The known [vulnerabilities] affecting these components could allow an attacker to gather information about network assets before launching attacks and gain undetected network access by obtaining valid credentials,” Microsoft said, adding that this could allow attackers to have “much greater impact” once the attack starts.

Microsoft said the most recent attack it saw was the Tata Power compromise in October. This breach resulted in the Hive ransomware group publishing data stolen from the Indian energy giant, which included confidential employee information, engineering drawings, financial and banking records, customer records, and some private keys.

“Microsoft continues to see attackers attempting to exploit Boa’s vulnerabilities beyond the timeframe of the released report, indicating that it is still the target of an attack vector,” Microsoft said.

The company cautioned that mitigating these Boa flaws is difficult due to the ongoing popularity of the now-defunct web server and the complex nature of how it is integrated into the IoT device supply chain.

Microsoft recommends that organizations and network operators patch vulnerable devices whenever possible, identify devices with vulnerable components, and configure detection rules to identify malicious activity.

Microsoft’s advisory again highlights the supply chain risk posed by flaws in widely used networking components.

Log4Shell, the zero-day vulnerability identified last year in Log4j, the open-source Apache logging library, is estimated to have potentially affected more than three billion devices.

Via TechCrunch
