One of the targets of the new Mirai variant is CVE-2017-5638, a known remote code execution (RCE) vulnerability in Apache Struts that attackers exploited with Object Graph Navigation Language (OGNL). The remaining 15 vulnerabilities include RCE flaws and an OS command injection security glitch in enterprise-used routers, NVRs, CCTVs and DVRs. The Gafgyt samples exploit CVE-2018-9866, a flaw found in unsupported versions caused by insufficient sanitization of the remote procedure call (XML-RPC).
Researchers uncovered that the Mirai samples were recently moved to a domain with an IP address also hosting the new variants of Gafgyt. The discovery is significant as these are the first recorded Mirai variants targeting Apache Struts. Additionally, these activities may serve as a warning that the incorporation of these multi-exploits for IoT and Linux botnets could indicate that the attackers are moving from consumer devices to enterprise targets with outdated versions, since organizations use the open source application framework to develop Java EE web applications. Left unchecked and unpatched, attackers could use these devices in distributed denial of service (DDoS) campaigns.
Patches released for earlier vulnerabilities should be updated as soon as possible. Additionally, make sure that your home network security is updated, as a compromised home device can also expose enterprise assets to risks. Here are some suggestions to improve your digital security hygiene:
Trend Micro Solutions
The Trend Micro™ Deep Security™ solution provides virtual patching that protects gateways, servers and endpoints from threats that abuse vulnerabilities in critical applications such as Apache Struts. The Trend Micro™ TippingPoint® system provides virtual patching and extensive zero-day protection against network-exploitable vulnerabilities via Digital Vaccine™ filters.
The Trend Micro Smart Home Network™ has protected customers from these threats since 2017 via these rules:1133528 WEB Apache Struts 2 Remote Code Execution -1.1 (CVE-2017-5638)
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.