Unchecked WS_FTP Servers: A Breeding Ground for Ransomware Attacks
2023-10-16
In the world of cybersecurity, the adage "a stitch in time saves nine" has never been more pertinent. Evidence of this is the recent wave of ransomware attacks targeting unpatched instances of WS_FTP Server, exposing organizations to potentially crippling cyber threats. Cybersecurity company Sophos X-Ops recently uncovered an attack attempt by a somewhat obscure cybercriminal group, the Reichsadler Cybercrime Group, using the LockBit 3.0 builder.
The alarming shift in focus towards exploiting the vulnerability in the WS_FTP Server software came as soon as reports of the flaw became public knowledge. Progress Software, the developer of WS_FTP Server, had promptly released a fix in September 2023, but not all servers have been updated with the patch. The Sophos X-Ops team observed that the cybercriminals attempted to launch the ransomware through these unpatched services, albeit unsuccessfully.
The Reichsadler Cybercrime Group, in its botched attempt, sought to acquire elevated privileges using an open-source tool known as GodPotato. Despite the failure, the attackers left a ransom note asking for $500 in cryptocurrency, an act that led researchers to speculate that they may not be highly experienced or may have set up an automated attack targeting multiple companies. With nearly 2,000 vulnerable instances noted in a Shodan listing, it's clear that the threat landscape remains vast.
A fortnight ago, Progress published a security advisory outlining fixes for a total of eight vulnerabilities, two of which are considered critical. These are tracked as CVE-2023-40044, with a severity rating of 10/10, and CVE-2023-42657, rated 9.9/10. These vulnerabilities, if left unpatched, can give threat actors the ability to execute a variety of malicious actions, including remote code execution.
In a concerning development, Progress’s other product, MOVEit, was recently implicated in a data theft scandal that affected over 2,500 organizations and more than 64 million individuals. This unfortunate incident underscores the importance of consistently updating software and staying abreast of the latest security updates and patches. The recent wave of attacks on WS_FTP servers is a stark reminder that unpatched software is a ticking time bomb in the digital infrastructure of any organization. Prompt action to patch software vulnerabilities is not just advisable, it is absolutely essential.