Microsoft confirms that several energy companies were compromised through a bug in a discontinued server

MADRID, 24 Nov. (Portaltic/EP) –

Microsoft has announced that an error registered in one of its servers, discontinued in 2005, could have compromised the security of several companies dedicated to the energy sector and industry.

The company has explained that, despite having suspended the service of its Boa web server 17 years ago, it continues to be implemented by different vendors in a variety of connected (IoT) devices and popular software development kits (SDKs).

This use is unmanaged, that is, no developers maintain it or ensure its security, so cybercriminals could silently gain access to it in order to gather information from its files.

As Microsoft has commented in a statement, it is possible that those affected have been running their services on this discontinued web server and that it lacks firmware updates and security patches capable of addressing known vulnerabilities.

The Microsoft Threat Intelligence Center (MSTIC) team identified more than one million devices that use the Boa server (which is implemented in both IoT devices and cameras) exposed to vulnerabilities.

This unit of the company began an investigation into a report prepared a few months ago by security provider Recorded Future about a threat actor who was reportedly behind several intrusion attempts into India's critical infrastructure over the past two years.

In this study, Recorded Future listed more than a dozen indicators of compromise (IOCs), which would have been used between the end of last year and the first quarter of this year against organizations dedicated to the energy sector in India.

Specifically, the researchers determined that more than 10 percent of all active IP addresses were related to industries such as oil and gas or fleet services.

Some of the known vulnerabilities found in the Boa server include arbitrary file access (CVE-2017-9833) and information disclosure (CVE-2021-3358), which would allow attackers to execute malicious code remotely once they have gained access to the device.

Microsoft has explained that since these vulnerabilities do not require authentication to be exploited, they make attractive targets for cybercriminals.

In addition, the company recalled that firmware updates on IoT devices do not always update the SDKs, while the publicly catalogued information on known security vulnerabilities (CVE, Common Vulnerabilities and Exposures) can allow attackers to initiate attacks and collect confidential data without being detected.

"In critical infrastructure networks, being able to collect information without being detected before the attack allows attackers to have a much greater impact once the attack has started, which can interrupt operations that can cost millions of dollars and affect millions of people," the statement reads.
