Hackers tried 2 methods of exploiting vulnerabilities in Sophos

Hackers tried 2 methods of exploiting a zero-day vulnerability in Sophos’ XG firewall, but Sophos says it made a temporary fix that mitigated the risks.

Attackers originally attempted to plant a Trojan in networks by exploiting the zero-day vulnerability, but then switched to ransomware.

The XG firewalls that received a hotfix were able to block the attacks, including the ransomware, which the company identified as Ragnarok.

This crypto-locking malware was first noticed in January, when security firm FireEye published a report on it, noting that its operators were trying to take advantage of flaws in Citrix’s ADC and Gateway servers at the time.

Sophos detected the first wave of these attacks in April when the hackers were attempting to take advantage of a zero-day SQL injection vulnerability in the XG firewall products.

The vulnerability, CVE-2020-12271, allowed the attackers to target the firewall’s built-in PostgreSQL database server and inject a single line of Linux code into the database, which enabled them to plant malware within vulnerable networks.

The attackers attempted to plant a Trojan called Asnarök, which enables threat actors to steal user names and hashed passwords.

When Sophos analysts began to notice the attacks unfolding, the company rushed out a temporary fix to its customers.

The hackers then attempted to switch tactics.

During the initial attacks in April, the hackers left behind what Sophos calls a “backup channel” and other malicious files that would allow the attackers to re-enter a network if they had been detected and blocked.

When Sophos blocked the first firewall attack with a hotfix, the hackers attempted to leverage the EternalBlue vulnerability in older versions of Microsoft Windows and the DoublePulsar backdoor malware to re-enter networks and plant the Ragnarok ransomware.

The hotfix prevented the hackers from executing this newer attack because it disabled the malicious files.

Source: https://www.instagram.com/p/CAiSyUZAP6J/

Suyash

This is Suyash from India. A passionate cyber security enthusiast, YouTuber, blogger, freelancer and pentester. He usually writes articles to share his knowledge with the world.
