Microsoft has warned that malicious hackers are using an outdated Internet of Things (IoT) web server component to target organizations in the energy sector.
In an analysis published on Tuesday, Microsoft researchers said they discovered a vulnerable open-source component, the Boa web server, which is still widely used in a number of routers and security cameras, as well as in popular software development kits (SDKs), despite the software having been discontinued in 2005. The tech giant first discovered the component while investigating an alleged intrusion into the Indian electrical grid, detailed by Recorded Future in April, in which state-sponsored Chinese attackers used IoT devices to gain a foothold in the operational technology (OT) networks used to monitor and control physical industrial systems.
Microsoft said it had identified one million Boa server components available online worldwide within one week, warning that the vulnerable component posed a “supply chain risk that could impact millions of organizations and devices.”
“Known [vulnerabilities] exposing such components could allow an attacker to gather information about network assets before launching attacks and gain access to the network undetected by obtaining valid credentials,” Microsoft said, adding that this could give attackers “much more influence” once the attack begins.
Microsoft stated that the most recent attack it observed was the Tata Power compromise in October. That breach led to the Hive ransomware group releasing data stolen from the Indian energy giant, which included confidential employee information, engineering drawings, financial and bank records, customer records, and some private keys.
“Microsoft continues to see attackers attempting to exploit Boa’s vulnerabilities beyond the times specified in the published report, indicating that it is still an attack vector,” Microsoft said in a statement.
The company warned that addressing Boa's flaws is difficult, both because of the continued popularity of the now-defunct web server and because of the complex way it is embedded in the IoT device supply chain. Microsoft encourages organizations and network operators to patch vulnerable devices wherever possible, identify devices containing the vulnerable component, and configure detection rules to catch malicious activity.
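As an added example of the "identify devices with the vulnerable component" step (this is not code from Microsoft's report), the check below parses captured HTTP response headers from an internal asset inventory and flags hosts whose Server banner advertises Boa. The host addresses and header captures are constructed sample data.

```python
import re
from typing import Optional

# Constructed sample: raw HTTP response header blocks captured from an internal
# asset inventory scan. Hosts and banners are hypothetical, not from the report.
SAMPLE_RESPONSES = {
    "10.0.5.21": "HTTP/1.1 200 OK\r\nServer: Boa/0.94.14rc21\r\nContent-Type: text/html\r\n\r\n",
    "10.0.5.22": "HTTP/1.1 401 Unauthorized\r\nserver: BOA/0.94.13\r\nWWW-Authenticate: Basic realm=\"cam\"\r\n\r\n",
    "10.0.5.23": "HTTP/1.1 200 OK\r\nServer: nginx/1.22.1\r\n\r\n",
    "10.0.5.24": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
}

# Boa announces itself as "Boa/<version>"; match case-insensitively and
# tolerate a banner with the product name but no version.
BOA_RE = re.compile(r"^boa(?:/(\S+))?$", re.IGNORECASE)


def server_header(raw: str) -> Optional[str]:
    """Return the value of the Server header from a raw HTTP response, if any.
    Header names are compared case-insensitively as HTTP requires."""
    head = raw.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            return value.strip()
    return None


def find_boa_hosts(responses: dict) -> dict:
    """Map host -> advertised Boa version ('unknown' if the banner has none).
    Hosts without a Server header are not matched: a missing banner is not
    evidence that Boa is absent, so such hosts still need a manual check."""
    hits = {}
    for host, raw in responses.items():
        banner = server_header(raw)
        if banner is None:
            continue
        match = BOA_RE.match(banner)
        if match:
            hits[host] = match.group(1) or "unknown"
    return hits


if __name__ == "__main__":
    for host, version in find_boa_hosts(SAMPLE_RESPONSES).items():
        print(f"{host}: Boa {version} (discontinued server, flag for review)")
```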
Microsoft’s warning re-emphasizes the supply chain risk posed by flaws in commonly used networking components. Log4Shell, a zero-day vulnerability discovered last year in Log4j, Apache’s open-source logging library, is estimated to have potentially affected more than three billion devices.