NSA warns of wave of cyber attacks on Exim servers by Russian group Sandworm – Tenable review


On Thursday, May 28, 2020, the NSA issued a cybersecurity advisory
warning of a wave of cyberattacks against mail servers,
led by one of Russia's advanced cyber-espionage groups.

Known as "Sandworm", this group has been attacking
Exim servers since August 2019 by exploiting a vulnerability
identified as CVE-2019-10149. The Sandworm group has been active
since the mid-2000s and is believed to be the group that
developed the BlackEnergy malware linked to the power outage
in Ukraine in December 2015, as well as the group behind the
second outage in December 2016. It is also believed to be the
group that developed the infamous NotPetya malware, a wiper
disguised as ransomware, which caused billions of US dollars of
damage to businesses around the world.

Satnam Narang, Staff Research Engineer at Tenable, explains:

“The NSA recently released a cybersecurity advisory [1]
warning that Russian nation-state actors have been exploiting
CVE-2019-10149, a critical remote code execution vulnerability
in the Unix Mail Transfer Agent (MTA) known as Exim,
since August 2019. Although
patches were made available in June 2019, nearly a year
ago, security researchers observed in-the-wild exploitation
attempts barely four days after the flaw was initially
fixed. At the time, 4.1 million
online systems were running a vulnerable version of Exim,
based on Shodan search results. Today, close to
half a million servers are still vulnerable to
CVE-2019-10149.

Whether it’s a nation state or malicious actors
motivated by financial gain, this is another reminder of
the tendency of cybercriminals to go after easy targets.
Zero-day vulnerabilities attract a lot of attention, but in
practice it is unpatched, publicly known vulnerabilities
that offer cybercriminals the best return. Indeed,
many organizations find it difficult to keep pace with
newly discovered vulnerabilities, thereby giving
cybercriminals the opportunity to infiltrate systems by
exploiting such flaws.

This NSA warning follows a recent advisory from CISA,
the US Cybersecurity and Infrastructure Security Agency,
which listed the top 10 routinely exploited
vulnerabilities [2]. Again, the list indicates that
most cybercriminals choose not to spend their efforts on
zero-day vulnerabilities, instead targeting
unpatched, publicly known vulnerabilities present in
a variety of software like Exim.”
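The Shodan figures quoted above come from counting servers whose SMTP greeting advertises an affected Exim release. The following script, added here as an illustration and not part of the original article or of any Tenable or NSA tooling, performs that same triage on a set of constructed SMTP banners: it extracts the Exim version and classifies it against the affected range (Exim 4.87 through 4.91, fixed in 4.92). The banner strings, hostnames and the `tally` helper are assumptions made for the example.

```python
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

# CVE-2019-10149 affects Exim 4.87 through 4.91; the fix shipped in 4.92 (June 2019).
AFFECTED_MIN = (4, 87)
FIXED_IN = (4, 92)

# Matches the version in an Exim SMTP greeting, e.g.
# "220 mail.example.org ESMTP Exim 4.91 Tue, 02 Jun 2020 10:00:00 +0000".
# Only major.minor are kept; a patch level such as 4.92.3 is still >= 4.92.
BANNER_RE = re.compile(r"\bExim\s+(\d+)\.(\d+)", re.IGNORECASE)

# Constructed sample banners (hypothetical hosts, not real observations).
SAMPLE_BANNERS: List[str] = [
    "220 mail.example.org ESMTP Exim 4.91 Tue, 02 Jun 2020 10:00:00 +0000",
    "220 relay.example.net ESMTP Exim 4.89 #1 Tue, 02 Jun 2020 10:00:01 +0000",
    "220 mx.example.com ESMTP Exim 4.92.3 Tue, 02 Jun 2020 10:00:02 +0000",
    "220 legacy.example.org ESMTP Exim 4.86.2 Tue, 02 Jun 2020 10:00:03 +0000",
    "220 smtp.example.com ESMTP Postfix",
]


def parse_exim_version(banner: str) -> Optional[Tuple[int, int]]:
    """Return (major, minor) from an Exim banner, or None if it is not Exim."""
    m = BANNER_RE.search(banner)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2))


def classify(banner: str) -> str:
    """Classify one banner relative to the CVE-2019-10149 affected range.

    Caveat: distributions such as Debian backport the fix without changing
    the advertised version, so 'vulnerable' here is a triage signal that
    must be confirmed against the package changelog, not a final verdict.
    """
    ver = parse_exim_version(banner)
    if ver is None:
        return "not-exim"
    if ver >= FIXED_IN:
        return "patched"
    if ver >= AFFECTED_MIN:
        return "vulnerable"
    # Older than the advisory's affected range: unsupported, upgrade anyway.
    return "below-affected-range"


def tally(banners: List[str]) -> Dict[str, int]:
    """Count banners per class, the way a Shodan-style survey would summarise them."""
    return dict(Counter(classify(b) for b in banners))


if __name__ == "__main__":
    for b in SAMPLE_BANNERS:
        print(f"{classify(b):22s} {b}")
    print(tally(SAMPLE_BANNERS))
```

On a host you administer, `exim -bV` prints the running build's version and can be compared the same way, with the same backport caveat: the authoritative check is whether the distribution package carries the CVE-2019-10149 fix, not the version string alone.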

www.globalsecuritymag.fr
