Hackers tried 2 methods of exploiting vulnerabilities in Sophos

Hackers tried 2 methods of exploiting a zero-day vulnerability in Sophos’ XG firewall, but Sophos says it made a temporary fix that mitigated the risks.

Attackers originally attempted to plant a Trojan in networks by exploiting the zero-day vulnerability, but then switched to ransomware.

The XG firewalls that received a hotfix were able to block the attacks, including the ransomware, which the company identified as Ragnarok.

This crypto-locking malware was first noticed in January, when security firm FireEye published a report on it, noting that its operators were trying to take advantage of flaws in Citrix’s ADC and Gateway servers at the time.

Sophos detected the first wave of these attacks in April when the hackers were attempting to take advantage of a zero-day SQL injection vulnerability in the XG firewall products.

The vulnerability, CVE-2020-12271, allowed the attackers to target the firewall’s built-in PostgreSQL database server and inject a single line of Linux code into databases, which would enable them to plant malware within vulnerable networks.

The attackers attempted to plant a Trojan called Asnarök, which enables threat actors to steal user names and hashed passwords.

When Sophos analysts began to notice the attacks unfolding, they rushed out a temporary fix to the company’s customers.

The hackers then attempted to switch tactics.

During the initial attacks in April, the hackers left behind what Sophos calls a “backup channel” and other malicious files that would allow the attackers to re-enter a network if they had been detected and blocked.

When Sophos blocked the first firewall attack with a hotfix, the hackers attempted to leverage the EternalBlue vulnerability in older versions of Microsoft Windows and the DoublePulsar backdoor malware to re-enter networks and plant the Ragnarok ransomware.

The hotfix prevented the hackers from executing this newer attack because it disabled the malicious files.

Source: https://www.instagram.com/p/CAiSyUZAP6J/

About Suyash

This is Suyash from India. A CyberSecurity enthusiast, YouTuber, blogger, citizen and pentester. He usually writes articles to share his knowledge with the world.
