Microsoft: Attackers use 20-year-old software to hack power grid

Microsoft has warned that cybercriminals have been targeting energy sector organizations through a web server that has been discontinued for more than two decades but is still used in popular Internet of Things devices.

In an analysis published Tuesday, Microsoft researchers said they found a vulnerable component in the open-source Boa web server, which is still widely used in a number of routers and security cameras, as well as in popular software development kits (SDKs), even though the software has been retired since 2005.

The US tech giant discovered the component while investigating a suspected hack into India's power grid, first detailed by Recorded Future in April, in which attackers funded by the Chinese government used IoT devices on the Internet to gain a foothold in an operational technology network used to monitor and control industrial systems.

Microsoft said it had identified 1 million vulnerable Boa server components worldwide in just one week, warning that the compromised components constitute a "supply chain that could affect millions of vulnerable organizations and devices."

The company added that attackers continue to try to exploit security vulnerabilities in Boa, including a critical information disclosure vulnerability and another that allows access to files.

"Known vulnerabilities in these components could allow attackers to gather information about network resources before launching an attack and gain access to undetected networks by obtaining valid credentials," Microsoft said, adding that this may be possible before the attack begins. attacker effect.

Microsoft said the most recent attack it noticed was the Tata Power hack last October.

The breach led to the release of the Hive ransomware suite, which stole data from the Indian energy giant, including sensitive employee information, engineering drawings, financial and banking records, customer records and some private keys.

"Microsoft continues to see attackers attempting to exploit a Boa vulnerability," the company said. The company warned that fixing the Boa bug will be difficult given the continued popularity of the now-defunct web server and the complexity of its integration into the IoT device supply chain.

Microsoft recommends that organizations and network operators fix vulnerable devices whenever possible, identify devices with vulnerable components, and configure detection rules to identify malicious activity.

Microsoft's warning, in particular, again points to the supply chain risks posed by vulnerabilities in widespread network components. Log4Shell, a vulnerability exploited last year in the open source Apache Log4j logging library, is estimated to affect more than 3 billion devices.
