MADRID, 24 Nov. (Portaltic/EP) –
Microsoft has announced that a flaw in one of its servers, discontinued in 2005, could have compromised the security of several companies in the energy and industrial sectors.
The company has explained that, despite having discontinued its Boa web server 17 years ago, it continues to be implemented by different vendors in a variety of connected (IoT) devices and popular software development kits (SDKs).
This use is not controlled; that is, the server has no developers to maintain it and ensure its security, so cybercriminals could silently gain access to it in order to gather information from its files.
As Microsoft has said in a statement, those affected may be running their services on this discontinued web server, which lacks firmware updates and security patches capable of addressing known vulnerabilities.
The Microsoft Threat Intelligence Center (MSTIC) team identified more than one million devices that use the Boa server (which is implemented in both IoT devices and cameras) exposed to vulnerabilities.
This unit of the company began an investigation into a report prepared a few months ago by security provider Recorded Future about a threat actor who was reportedly behind several intrusion attempts into India's critical infrastructure over the past two years.
In this study, Recorded Future listed more than a dozen indicators of compromise (IOCs), which would have been used between the end of last year and the first quarter of this year against organizations in India's energy sector.
Specifically, the researchers determined that more than 10 percent of all active IP addresses were related to industries such as oil and gas or fleet services.
Some of the known vulnerabilities found in the Boa server include arbitrary file access (CVE-2017-9833) and information disclosure (CVE-2021-3358), which would allow attackers to execute malicious code remotely once they have gained access to the device.
Microsoft has explained that, since these vulnerabilities do not require authentication to be exploited, they make attractive targets for cybercriminals.
In addition, it recalled that firmware updates on IoT devices do not always update the SDKs, while the information published on known security vulnerabilities (CVEs) can allow attackers to initiate attacks and collect confidential data without being detected.
"In critical infrastructure networks, being able to collect information without being detected before the attack allows attackers to have a much greater impact once the attack has started, which can interrupt operations that can cost millions of dollars and affect millions of people," the statement reads.