Microsoft says attackers are hacking into energy networks by exploiting decades-old software

Microsoft has warned that malicious hackers are exploiting an abandoned web server found in common Internet of Things (IoT) devices to target organizations in the energy sector.

In an analysis released Tuesday, Microsoft researchers said they discovered a vulnerable open-source component in the Boa web server, which is still widely used in a range of routers and security cameras, as well as popular software development kits (SDKs), despite the software being retired in 2005. The tech giant identified the component during an investigation into an alleged intrusion into India's power grid, first detailed by Recorded Future in April, in which Chinese state-sponsored attackers used IoT devices to gain a foothold on operational technology (OT) networks, which are used to monitor and control physical industrial systems.

Microsoft said it identified one million Internet-exposed Boa server components worldwide over a one-week period, warning that the vulnerable component poses a "supply chain risk that could affect millions of organizations and devices."

The company added that it continues to see attackers attempt to exploit flaws in Boa, including a very serious information disclosure bug (CVE-2021-33558) and another arbitrary file access flaw (CVE-2017-9833).

"Known [vulnerabilities] affecting these components may allow an attacker to gather information about network assets before launching attacks, and gain access to a network undetected by obtaining valid credentials," said Microsoft, adding that this can allow attackers to have a "much greater impact" once the attack is launched.

Microsoft said the most recent attack observed was the Tata Power compromise in October. This breach led the ransomware group Hive to release data stolen from the Indian energy giant, which included sensitive employee information, technical drawings, financial and banking records, customer records and some private keys.

“Microsoft continues to see attackers attempting to exploit Boa vulnerabilities beyond the published reporting period, indicating that it is still being targeted as an attack vector,” Microsoft said.

The company warned that mitigating these flaws in Boa was difficult due to both the continued popularity of the now-defunct web server and the complex nature of integrating it into the supply chain of IoT devices. Microsoft recommends that organizations and network operators remediate vulnerable devices whenever possible, identify devices with vulnerable components, and configure detection rules to identify malicious activity.

Microsoft's warning again highlights the risk to the supply chain posed by flaws in widely used networking components. Log4Shell, a zero-day vulnerability that was identified last year in Log4j, Apache's open-source logging library, is estimated to have potentially affected over three billion devices.
