Almost a Fifth of Global Firms Targeted with Spring4Shell


Security researchers have observed tens of thousands of attempts to exploit the critical new SpringShell (Spring4Shell) vulnerability within days of its publication.

Check Point Research claimed to have spotted 37,000 such attempts within the first four days, which it extrapolated to calculate that around 16% of global organizations were affected.

Europe accounted for the largest number of incidents (20%) and the software industry was the most affected vertical (28%).

There were actually three vulnerabilities found in the open-source Spring Framework late last week, although the main one is CVE-2022-22965 (SpringShell/Spring4Shell), a critical remote code execution (RCE) bug in the Spring Core.

It can be exploited if attackers send a specially crafted query to a web server running the Spring Core framework.

The other two are thought to be less serious RCE flaws in the Spring Cloud Function (CVE-2022-22963) and the Spring Cloud Gateway (CVE-2022-22947).

The seriousness of SpringShell was confirmed when the US Cybersecurity and Infrastructure Security Agency (CISA) added it to its lengthening Known Exploited Vulnerabilities Catalog, meaning all civilian federal agencies are mandated to patch it within a narrow timeframe.

Impacted systems will be running Java Development Kit (JDK) version 9.0 or later and Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and earlier versions.
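The criteria above can be turned into a quick inventory check. This is an added example, not code from the article or from the Spring project: it flags a host only when both conditions the article lists hold (JDK 9 or later and a Spring Framework version in the stated ranges). Reading the framework version from `spring-core`/`spring-beans` jar file names is an assumption, and the paths are constructed sample data.

```python
import re

# Matches Spring Framework jars by file name (assumption: the version is
# read from spring-core / spring-beans jar names, e.g. inside WEB-INF/lib).
JAR_RE = re.compile(r"^spring-(?:core|beans)-(\d+)\.(\d+)\.(\d+)")


def java_major(version):
    """Major release from a java.version string: '1.8.0_312' -> 8, '11.0.14' -> 11."""
    parts = re.split(r"[._+-]", version.strip())
    first = int(parts[0])
    # Releases before JDK 9 used the legacy '1.x' scheme.
    return int(parts[1]) if first == 1 and len(parts) > 1 else first


def framework_in_range(v):
    """True for 5.3.0-5.3.17, 5.2.0-5.2.19 and earlier versions."""
    if v[:2] == (5, 3):
        return v <= (5, 3, 17)
    return v <= (5, 2, 19)


def assess(java_version, jar_paths):
    """Return (path, framework_version, impacted) for each Spring jar found."""
    jdk_in_scope = java_major(java_version) >= 9
    results = []
    for path in jar_paths:
        m = JAR_RE.match(path.replace("\\", "/").rsplit("/", 1)[-1])
        if not m:
            continue  # not a Spring Framework core jar
        v = tuple(int(x) for x in m.groups())
        impacted = jdk_in_scope and framework_in_range(v)
        results.append((path, ".".join(map(str, v)), impacted))
    return results


if __name__ == "__main__":
    # Constructed inventory for illustration.
    SAMPLE = [
        "/srv/app/WEB-INF/lib/spring-core-5.3.17.jar",
        "/srv/app/WEB-INF/lib/spring-beans-5.2.19.RELEASE.jar",
        "/srv/app/WEB-INF/lib/spring-core-5.3.18.jar",
        "/srv/app/WEB-INF/lib/spring-boot-2.6.5.jar",
    ]
    for java in ("11.0.14", "1.8.0_312"):
        for row in assess(java, SAMPLE):
            print(java, *row)
```

A jar in range on a pre-9 JDK is reported as not impacted under these criteria, but it still shows up in the output so it can be queued for upgrade.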

Concerns were raised when the CVEs broke last week that SpringShell could be as bad as the infamous Log4Shell bug discovered at the end of 2021. However, this is unlikely given the conditions required to exploit the vulnerability.

Microsoft seems to agree, noting that most of the limited exploit attempts it has seen are designed to drop a web shell on targeted Apache Tomcat servers.

“Microsoft regularly monitors attacks against our cloud infrastructure and services to defend them better. Since the Spring Core vulnerability was announced, we have been tracking a low volume of exploit attempts across our cloud services for Spring Cloud and Spring Core vulnerabilities,” it explained.

“Microsoft’s continued monitoring of the threat landscape has not indicated a significant increase in quantity of attacks or new campaigns at this time.”
