More and more attackers are targeting Confluence and Data Center, relying on a vulnerability classified as “critical”. If attacks are successful, attackers can execute malicious code, and this is exactly what has been happening for several weeks now. Several security researchers are now independently reporting that this is how crypto miners and ransomware end up on vulnerable systems.
The vulnerability (CVE-2022-26134) has been known since the beginning of June and the first attacks have already taken place. Shortly thereafter, Atlassian released the secured versions 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4 and 7.18.1. Exploit code quickly circulated and the situation continued to escalate. The cloud version of Confluence is said to be unaffected by the vulnerability.
Crypto miners and ransomware
Prodaft security researchers are now reporting that attackers are pushing the AvosLocker ransomware through the vulnerability to encrypt data and demand a ransom. Microsoft warns on Twitter that the blackmail Trojan Cerber2021 is also spreading to unpatched Confluence instances.
Check Point security researchers have observed crypto miner attacks. After successful infections, the malware abuses the instance’s computing power to mine cryptocurrency. In this position, attackers could theoretically place other malware on the systems as well.
Admins should quickly install the available security updates to protect their instances against the current attacks. If this is not currently possible, they must secure systems using an interim solution documented by Atlassian until the patch is installed.
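To find out which instances still need the update, an inventory can be checked against the fixed releases listed above. The following is an added example, not code from Atlassian or from the original article; the hostnames are constructed, and treating branches newer than 7.18 as already containing the fix is an assumption.

```python
import re

# Fixed releases named in the article, keyed by (major, minor) branch.
FIXED = {(7, 4): 17, (7, 13): 7, (7, 14): 3, (7, 15): 2,
         (7, 16): 4, (7, 17): 4, (7, 18): 1}
NEWEST_FIXED_BRANCH = max(FIXED)

def parse_version(text):
    """Parse '7.13.5' or '7.13.5-m01' into (major, minor, patch)."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?(?:[-.].*)?\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return int(m[1]), int(m[2]), int(m[3] or 0)

def triage(version):
    """Classify one Confluence Server / Data Center version string."""
    major, minor, patch = parse_version(version)
    branch = (major, minor)
    if branch in FIXED:
        return "patched" if patch >= FIXED[branch] else "update"
    if branch > NEWEST_FIXED_BRANCH:
        # Assumption: releases after the 7.18 branch ship with the fix.
        return "patched"
    # The article lists no fixed release for this branch, so the
    # instance has to move to one of the listed versions.
    return "no-branch-fix"

def needs_action(inventory):
    """Return sorted (host, version, status) for every unpatched host."""
    rows = [(h, v, triage(v)) for h, v in inventory.items()]
    return sorted(r for r in rows if r[2] != "patched")

# Constructed sample inventory (hypothetical hosts).
SAMPLE_INVENTORY = {
    "wiki-a.example.internal": "7.18.1",
    "wiki-b.example.internal": "7.13.5",
    "wiki-c.example.internal": "7.12.5",
    "wiki-d.example.internal": "7.4.17",
    "wiki-e.example.internal": "7.17.3-m01",
}

if __name__ == "__main__":
    for host, version, status in needs_action(SAMPLE_INVENTORY):
        print(f"{host}\t{version}\t{status}")
```

Hosts reported as `update` or `no-branch-fix` are the ones that need the patch or Atlassian's interim solution first.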