Microsoft Says Attackers Are Hacking Energy Grids by Exploiting Decades-Old Software

Microsoft says malicious hackers are targeting businesses in the energy industry by taking advantage of a web server that has been discontinued but is still present in many Internet of Things (IoT) devices.

Highlights

  • Security threat – Boa, a discontinued open-source web server.
  • Known Boa flaws being exploited include a high-severity information disclosure bug (CVE-2021-33558) and an arbitrary file access flaw (CVE-2017-9833).
  • Acts as a “supply chain risk that may affect millions of organizations and devices.”

A vulnerable open-source component in the Boa web server is widely used in a range of routers and security cameras, as well as in popular software development kits (SDKs). An SDK is a set of tools that allows developers to write applications, or use an existing framework to develop them, for a given platform.

Many users are unaware that a product they run contains a Boa server, which has been discontinued since 2005.

The Realtek SDK is one example: it is provided to companies that make routers, access points, and other gateway devices, and it contains the Boa web server.

One million internet-exposed Boa server components were identified worldwide over the span of a one-week period, prompting the caution that the vulnerable component acts as a “supply chain risk that may affect millions of organizations and devices.”

According to Microsoft, “The known [vulnerabilities] impacting such components can allow an attacker to collect information about network assets before initiating attacks, and to gain access to a network undetected by obtaining valid credentials.”

A recent attack on Tata Power, a top power producer in India, resulted in the Hive ransomware group publishing stolen data from the Indian energy giant, which included sensitive employee information, engineering drawings, financial and banking records, client records, and some private keys.

“Microsoft continues to see attackers attempting to exploit Boa vulnerabilities beyond the timeframe of the released report, indicating that it is still targeted as an attack vector,” Microsoft said.
