Hackers attack the energy sector by taking advantage of outdated software flaws

Hackers attack the energy sector by taking advantage of outdated software flaws

A large number of routers and web-related objects contain code that has been deprecated for more than 15 years, and which has many critical flaws. Hackers will use it as an entry point to attack the infrastructure of some companies, particularly in the energy sector.

Microsoft just released a report Regarding the ongoing wave of attacks. Hackers attack specific devices that can compromise corporate internal networks, targeting the energy sector more specifically. This comes after an initial report was published recorded future In April on the attacks in India attributed to the group hackers sponsored Chinese government.

Microsoft has investigated and discovered that hackers infiltrate systems through the presence of the Boa web server, a software component that has been deprecated since 2005. Boa is included in routers, connected objects and in software development kits (SDKs). This component contains several serious defectsincluding abusive file access (CVE-2017-9833) and disclosure of information (CVE-2021-33558).

Over a million devices on display

these Disadvantages It can be exploited without authentication. Once the device containing the Boa server is compromised, hackers can use it to attack the rest of the company’s internal network. The latest attack on India’s Tata Power took place in October. The Hive hacker group demanded a ransom, then posted the stolen data on dark web When the company refused to pay.

Microsoft has detected the presence of Boa Server on more than a million devices connected to the Internet, which means that a large number of companies could be vulnerable to attacks.

See also  Rainbow Six Siege - No intersection before the end of 2022

You May Also Like

About the Author: Octávio Florencio

"Evangelista zumbi. Pensador. Criador ávido. Fanático pela internet premiado. Fanático incurável pela web."

Leave a Reply

Your email address will not be published. Required fields are marked *