Critical web server bug puts thousands of sites at immediate risk

The bug allows an attacker to execute arbitrary code on the web server, giving them the ability to access or destroy data, create user accounts, lock out admins or install more malware. Two different exploitation techniques are known to be in use and the Cisco Talos researchers who discovered the issue warned of a “high number” of attack attempts.
In the two days since Cisco’s public disclosure, the number of attacks has ballooned as hackers rush to take advantage of the serious issue. It lies in Apache Struts 2, a framework that developers can use to create web applications in the Java programming language. Struts is a popular framework with widespread use, including by highly sensitive services.
The developers behind Struts have already issued a patch for the vulnerability that resolves the problem. However, most Struts servers haven’t yet been updated. Until administrators have installed the new version, their apps remain at risk of attack. Hackers are scanning the Internet to identify vulnerable servers.
Cisco has observed three primary attacks that are currently being deployed. The first is a low-level scan that runs an innocuous Linux command. If the server responds with the command’s output, the attacker knows it is vulnerable and can follow up with a series of malicious scripts.
At present, the aggressive forms of the attack are taking actions to shut down security applications on the server and then install malware. Programs that have been installed include a denial of service bot and an IRC chat bouncer.
The final class of command being sent to Struts servers aims to achieve persistent access to the machine. The attackers run system commands that copy their malware to the filesystem and then register it to run each time the server starts up. This allows them to continually monitor the machine and any changes to its data.
Cisco said the bug began to see widespread public exploitation after Apache publicly detailed the issue in a security advisory on Sunday. The company warned that the volume of attacks is showing no signs of slowing down and that exploitation is likely to be sustained for a significant amount of time. The vulnerability is trivial to exploit, requiring nothing more than a specially crafted HTTP request to be sent to the server.
“Upon deployment [of the advisory] we saw immediate exploitation occurring,” said Cisco. “This exploitation has continued steadily since. It is likely that the exploitation will continue in a wide scale since it is relatively trivial to exploit and there are clearly systems that are potentially vulnerable.”
With so many Struts servers in use, the bug is currently a highly attractive target for cybercriminals looking for easy hits. Although companies, governments and website administrators have been sent information on the importance of installing the update, it’s likely it’ll be some time before every system is fully protected.
