Microsoft accuses attackers of infiltrating power grids by exploiting an old program

 



Microsoft has warned that hackers are exploiting a discontinued web server to target organizations in the energy sector.


In an analysis published on Tuesday, Microsoft researchers said they discovered a vulnerable open source component, the Boa web server, which is still widely used in a range of routers and security cameras, as well as in popular software development kits (SDKs).



While investigating the intrusion into an electrical grid, Microsoft found that although the software has been discontinued since 2005, Chinese attackers used hardware running the outdated software to gain a foothold in modern operational technology networks, which are used to monitor and control industrial systems.


Microsoft said it identified one million Boa server components exposed on the Internet globally over a one-week period, warning that this vulnerable component poses a "supply chain risk that could affect millions of organizations and devices."



The company added that it continues to see attackers attempting to exploit Boa flaws, which include a critical information disclosure bug and another bug that allows access to system files.


"Known vulnerabilities affecting these components could allow attackers to gather information about network assets before launching attacks, and gain access to a network undetected by obtaining login information," Microsoft said, adding that this could allow attackers to make a "much greater impact" at the start of the attack.


Microsoft said the most recent attack it noticed was the Tata Power hack in October. This breach led to the Hive ransomware group publishing data stolen from the Indian energy giant, which included sensitive employee information, engineering drawings, financial and banking records, customer records and some private keys.


The company cautioned that mitigating Boa's flaws is difficult due to the continued popularity of the now-defunct web server and the complex nature of its architecture. Microsoft recommends that organizations and network operators patch vulnerable devices whenever possible, identify devices with vulnerable components, and configure detection rules to identify malicious activity.
