Nov 23 – According to Microsoft, cyber criminals are exploiting a discontinued web server found in popular Internet of Things (IoT) devices to target energy sector organizations.
Microsoft’s analysis
On Tuesday, Microsoft researchers stated that they had discovered a vulnerable open-source element in the Boa web server. This server is still widely used in routers and security cameras, along with popular software development kits (SDKs).
Microsoft discovered the issue while investigating a suspected electric grid intrusion in India, which was first reported on by Recorded Future in April of this year. In the aforementioned attack, intruders used IoT devices to gain a foothold on operational technology (OT) networks.
A million vulnerabilities
Microsoft says that in the course of a week, the company discovered one million internet-exposed Boa server components. The vulnerable components present a “supply chain risk that may affect millions of organizations and devices.”
Attackers are attempting to exploit Boa flaws, which include a high-severity information disclosure bug (CVE-2021-33558) and an arbitrary file access flaw (CVE-2017-9833).
Mitigating the Boa flaws may prove challenging, both because of the web server involved and because of how it is embedded in the IoT device supply chain. Microsoft recommends that organizations and network operators patch vulnerable devices where feasible. In addition, IT professionals can identify devices with vulnerable components and configure detection rules to pick up on malicious behavior.
The widespread use of select network components does pose a supply chain risk, as we saw earlier this year with Log4Shell.