Attackers are exploiting a vulnerability patched last month in the Apache Struts web development framework to install ransomware on servers.
The SANS Internet Storm Center issued an alert Thursday, saying an attack campaign is compromising Windows servers through a vulnerability tracked as CVE-2017-5638.
The flaw is located in the Jakarta Multipart parser in Apache Struts 2 and allows attackers to execute system commands with the privileges of the user running the web server process.
This vulnerability was patched on March 6 in Struts versions 2.3.32 and 2.5.10.1. Attackers started exploiting the flaw almost immediately, leaving very little time for server administrators to deploy the update.
While the initial attack campaigns deployed simple backdoors and Unix bots, the latest attacks seen by researchers from SANS is deploying a potentially much more damaging malware: the Cerber ransomware program.
Cerber appeared over a year ago and has had time to mature. It is well developed and its encryption implementation has no known flaws that could allow the free recovery of files.
Struts is widely used for application development in enterprise environments and this is not the first time when server enterprise server software has been exploited to install ransomware. Last year, attackers took advantage of a vulnerability in the JBoss application server in a similar manner.
Server administrators who haven't updated their Struts deployments should do so as soon as possible. Also, since this vulnerability allows command execution with the privileges of the user running the application, so its good to run the process from unprivileged accounts.
Furthermore, application whitelisting policies can be used on Windows servers to limit which applications unprivileged users can execute, blocking the ability of attackers to execute ransomware or other malicious programs.
Next read this:
- Top 9 challenges IT leaders will face in 2020
- Top 5 strategic priorities for CIOs in 2020
- 7 'crackpot' technologies that might transform IT
- 8 technologies that will disrupt business in 2020
- 7 questions CIOs should ask before taking a new job
- 7 ways to position IT for success in 2020
- The 9 new rules of IT leadership
- 20 ways to kill your IT career (without knowing it)
- IT manager’s survival guide: 11 ways to thrive in the years ahead
- CIO resumes: 6 best practices and 4 strong examples
- 4 KPIs IT should ditch (and what to measure instead)