Microsoft Says Attackers Are Hacking Energy Grids By Exploiting Decades-Old Software

An anonymous reader quotes a report from TechCrunch: Microsoft has warned that malicious hackers are exploiting a discontinued web server found in common Internet of Things (IoT) devices to target organizations in the energy sector. In an analysis published on Tuesday, Microsoft researchers said they had discovered a vulnerable open-source component in the Boa web server, which is still widely used in a range of routers and security cameras, as well as popular software development kits (SDKs), despite the software’s retirement in 2005. The technology giant identified the component while investigating a suspected Indian electric grid intrusion first detailed by Recorded Future in April, where Chinese state-sponsored attackers used IoT devices to gain a foothold on operational technology (OT) networks, used to monitor and control physical industrial systems.

Microsoft said it has identified one million internet-exposed Boa server components globally over the span of a one-week period, warning that the vulnerable component poses a “supply chain risk that may affect millions of organizations and devices.” The company added that it continues to see attackers attempting to exploit Boa flaws, which include a high-severity information disclosure bug (CVE-2021-33558) and another arbitrary file access flaw (CVE-2017-9833). “The known [vulnerabilities] impacting such components can allow an attacker to collect information about network assets before initiating attacks, and to gain access to a network undetected by obtaining valid credentials,” Microsoft said, adding that this can allow the attackers to have a “much greater impact” once the attack is initiated. “The company has warned that mitigating these Boa flaws is difficult due to both the continued popularity of the now-defunct web server and the complex nature of how it is built into the IoT device supply chain,” reports TechCrunch. “Microsoft recommends that organizations and network operators patch vulnerable devices where possible, identify devices with vulnerable components, and to configure detection rules to identify malicious activity.”

Read more of this story at Slashdot.

Source: Slashdot