Hackers Target Energy Sector by Exploiting Discontinued Web Server
Microsoft researchers have found vulnerable open source components in the Boa web server. (photo: Fre Sonneveld / Unsplash)

JAKARTA - Cybercriminals are back in action, now targeting companies in the energy sector. They are exploiting a web server that was discontinued long ago and is found on public Internet of Things (IoT) devices in the industry.

Microsoft reported this in its recently published analysis. Microsoft researchers say they have found vulnerable open source components in the Boa web server.

Interestingly, Boa is still widely used in various routers and security cameras, as well as in a popular software development kit (SDK), even though the software was retired in 2005.

Microsoft researchers identified the component while investigating the alleged disruption to India's power grid, which was first reported by Recorded Future in April. The attackers were sponsored by China and used an IoT device dubbed ShadowPad to gain a foothold in the operational technology (OT) network.

The device is used to monitor and control physical industrial systems. Microsoft said it had identified one million Boa server components that were exposed globally over a one-week span.

The company warns that vulnerable components pose a supply chain risk that could affect millions of organizations and devices.

Attackers also continue to exploit Boa's weaknesses, which include a high-severity information disclosure bug (CVE-2021-33558) and an arbitrary file access flaw (CVE-2017-9833).

"(Vulnerabilities) known to affect these components could allow attackers to gather information about network assets before starting an attack, and to gain access to networks undetected by obtaining valid credentials," said Microsoft.

Microsoft added that this could allow attackers to have a much larger impact once the attack begins. Microsoft recommends that organizations and network operators patch vulnerable devices whenever possible.

They must also routinely identify devices with vulnerable components and configure detection rules to identify malicious activity.
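
One way to carry out the "identify devices" step against data an organization already holds, as an added example that is not from Microsoft or the original article: the Python sketch below reads stored HTTP response heads from an asset inventory and flags hosts whose `Server` header advertises Boa. The host addresses and captures are constructed sample data, and the `Boa/<version>` banner format is an assumption based on how Boa normally identifies itself.

```python
import re
from typing import NamedTuple, Optional

# Assumption: Boa names itself in the HTTP "Server" header, e.g. "Boa/0.94.13".
BOA_BANNER = re.compile(r"\bBoa/(?P<version>[0-9][\w.\-]*)", re.IGNORECASE)

class Finding(NamedTuple):
    host: str
    version: str

def server_header(raw_response: str) -> Optional[str]:
    """Return the Server header value from a raw HTTP response head, if present."""
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    for line in head.split("\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":  # header names are case-insensitive
            return value.strip()
    return None

def find_boa(captures: dict[str, str]) -> list[Finding]:
    """Flag every host whose captured response advertises a Boa server."""
    findings = []
    for host, raw in sorted(captures.items()):
        banner = server_header(raw)
        match = BOA_BANNER.search(banner) if banner else None
        if match:
            findings.append(Finding(host, match.group("version")))
    return findings

# Constructed sample data: response heads as an inventory job might have stored them.
SAMPLE_CAPTURES = {
    "10.20.0.11": "HTTP/1.1 200 OK\r\nServer: Boa/0.94.13\r\nContent-Type: text/html\r\n\r\n<html>",
    "10.20.0.12": "HTTP/1.1 200 OK\r\nserver: nginx\r\n\r\n",
    "10.20.0.13": "HTTP/1.0 401 Unauthorized\r\nSERVER: Boa/0.94.14rc21\r\n"
                  "WWW-Authenticate: Basic realm=\"cam\"\r\n\r\n",
    "10.20.0.14": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n",
}

if __name__ == "__main__":
    for f in find_boa(SAMPLE_CAPTURES):
        print(f"{f.host}: Boa {f.version} (software retired in 2005, patch where possible)")
```

A device can suppress or alter its banner, so a host missing from the results is not proof that Boa is absent; firmware and SDK inventories remain the authoritative source.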

