[BreachExchange] Threat actors can exploit Spring4Shell to launch botnets that target cloud-based IoT systems

Matthew Wheeler mwheeler at flashpoint-intel.com
Tue Apr 12 08:26:22 EDT 2022


https://www.scmagazine.com/news/application-security/threat-actors-can-exploit-spring4shell-to-launch-botnets-that-target-cloud-based-iot-systems

Researchers on Friday reported active exploitation of the Spring4Shell
vulnerability to deploy and run the Mirai botnet malware, which compromises
cloud-connected IoT devices such as security cameras, agricultural systems,
medical devices and vehicles and uses them to launch DDoS attacks.

In a blog post, Trend Micro researchers said malicious actors were
executing the Mirai botnet malware primarily in the Singapore region. The
researchers said they saw the exploitation of CVE-2022-22965 at the start
of April 2022.

The researchers say the RCE vulnerability gives threat actors full access
to compromised devices, making it a dangerous and critical vulnerability.
Spring has released patches for this vulnerability (Spring Framework 5.3.18
and 5.2.20; older, unsupported lines are also affected and have no fix). The
Spring advisory notes that the exploit seen in the wild requires JDK 9 or
later and an application deployed as a WAR on Apache Tomcat, but cautions
that other exploitation paths may exist, so the version check, not the
deployment shape, should drive patching.
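
As an added example (not code from the article, Trend Micro or the Spring
project), the check a practitioner would run first against an SBOM or a
dependency listing: flag spring-core / spring-beans versions that predate the
fixed releases named in the Spring advisory. The version strings in the sample
list are constructed; the fixed-version table and the "older lines are
affected" rule come from the advisory.

```python
"""Added example: flag Spring Framework versions affected by CVE-2022-22965.

Fixed releases per the Spring advisory: 5.3.18 on the 5.3.x line and 5.2.20
on the 5.2.x line. Older, unsupported lines (4.x and earlier 5.x) are
affected and never received a fix. Version strings are the ones that appear
in a Maven coordinate or jar name, e.g. "5.3.17" or "5.2.19.RELEASE".
"""
import re

# First fixed patch release on each supported line at the time of the advisory.
FIXED = {(5, 3): 18, (5, 2): 20}

# major.minor.patch with an optional qualifier such as ".RELEASE" or "-SNAPSHOT".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]([0-9A-Za-z]+))?$")


def parse_version(text):
    """Return (major, minor, patch) for a Spring version string.

    The qualifier (".RELEASE", "-SNAPSHOT", ...) is ignored for the
    comparison; anything that does not look like a version raises ValueError.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Spring version: {text!r}")
    return tuple(int(m.group(i)) for i in (1, 2, 3))


def is_vulnerable(version):
    """True if this Spring Framework version predates the CVE-2022-22965 fix."""
    major, minor, patch = parse_version(version)
    line = (major, minor)
    if line in FIXED:
        return patch < FIXED[line]
    # Lines newer than 5.3 carry the fix; anything older is an unsupported
    # line that the advisory lists as affected with no patched release.
    return line < (5, 3)


def triage(versions):
    """Map each discovered version to 'vulnerable', 'fixed' or 'unparsed'."""
    result = {}
    for v in versions:
        try:
            result[v] = "vulnerable" if is_vulnerable(v) else "fixed"
        except ValueError:
            result[v] = "unparsed"
    return result


if __name__ == "__main__":
    # Constructed sample, as a dependency listing or SBOM might report it.
    sample = ["5.3.17", "5.3.18", "5.2.19.RELEASE", "5.2.20.RELEASE",
              "4.3.30.RELEASE", "5.3.20-SNAPSHOT", "not-a-version"]
    for v, status in triage(sample).items():
        print(f"{v:20} {status}")
```

The check is deliberately version-only: the JDK 9+ / Tomcat / WAR
preconditions describe the exploit that was observed, not the bug, so a
"fixed" result is the only one that should clear a host.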

The industry had expected to see threat actors leverage the Spring4Shell
vulnerability since it was announced, and Trend Micro’s research proves
this out, said Mike Parkin, senior technical engineer at Vulcan Cyber.
Parkin said thus far, Spring4Shell hasn’t blown up into a massive issue,
but it still has the potential to become a higher-profile problem.

“It also reinforces the ‘you are responsible for your own applications’
security structure in the cloud,” Parkin said. “Cloud vendors usually do an
excellent job securing their platforms, however, if you deploy vulnerable
software, then it’s your responsibility to fix it, not theirs.”

Davis McCarthy, principal security researcher at Valtix, added that
organizations lack visibility into the security events that impact their
cloud workloads and services, whether from the rapid migration to the
cloud, or the technical debt that comes with it.

“Threat actors know they can target cloud infrastructure and spread
crypto-mining/DDoS botnets, like Mirai, without being detected,” McCarthy
said. “Spring4Shell shows us that cloud applications need proactive defense
capabilities, especially when the zero-day allows full access to the
vulnerable host.”

Chris Olson, CEO at The Media Trust, said that in the face of Log4Shell, many
organizations rolled out patches to protect their internal systems and
consumer-facing services.

“But the emergence of Spring4Shell reminds us that patching is only a
temporary fix: as long as organizations are depending on third-party assets
for website, app and back-end development, they must exercise continual
vigilance and monitoring to protect their users,” Olson said.

Steve Zurier