Apache Struts 2 exploit used to install ransomware on servers
Security

Apache Struts 2 exploit used to install ransomware on servers

Attackers are exploiting a vulnerability patched last month in the Apache Struts web development framework to install ransomware on servers.

The SANS Internet Storm Center issued an alert Thursday, saying an attack campaign is compromising Windows servers through a vulnerability tracked as CVE-2017-5638.

The flaw is located in the Jakarta Multipart parser in Apache Struts 2 and allows attackers to execute system commands with the privileges of the user running the web server process.

This vulnerability was patched on March 6 in Struts versions 2.3.32 and 2.5.10.1. Attackers started exploiting the flaw almost immediately, leaving very little time for server administrators to deploy the update.

While the initial attack campaigns deployed simple backdoors and Unix bots, the latest attacks seen by researchers from SANS is deploying a potentially much more damaging malware: the Cerber ransomware program.

Cerber appeared over a year ago and has had time to mature. It is well developed and its encryption implementation has no known flaws that could allow the free recovery of files.

Struts is widely used for application development in enterprise environments and this is not the first time when server enterprise server software has been exploited to install ransomware. Last year, attackers took advantage of a vulnerability in the JBoss application server in a similar manner.

Server administrators who haven't updated their Struts deployments should do so as soon as possible. Also, since this vulnerability allows command execution with the privileges of the user running the application, so its good to run the process from unprivileged accounts.

Furthermore, application whitelisting policies can be used on Windows servers to limit which applications unprivileged users can execute, blocking the ability of attackers to execute ransomware or other malicious programs.

IDG Insider

PREVIOUS ARTICLE

«AMD's Ryzen Balanced power plan for Windows promises to boost CPU performance

NEXT ARTICLE

Facebook's M assistant launches in US, will offer chat suggestions»
author_image
IDG Connect

IDG Connect tackles the tech stories that matter to you

Add Your Comment

Most Recent Comments

Our Case Studies

IDG Connect delivers full creative solutions to meet all your demand generatlon needs. These cover the full scope of options, from customized content and lead delivery through to fully integrated campaigns.

images

Our Marketing Research

Our in-house analyst and editorial team create a range of insights for the global marketing community. These look at IT buying preferences, the latest soclal media trends and other zeitgeist topics.

images

Poll

Will Kotlin overtake Java as the most popular Android programming language in 2018?