One mistake paralyzed India's financial system.
On August 1, a large-scale failure of bank payment systems occurred in India due to a ransomware attack on the service provider of some banks, C-Edge Technologies. The Juniper Networks team detailed the hacking process in their report.
C-Edge Technologies was vulnerable due to an incorrectly configured Jenkins server. It was the server that became the starting point of the attack, which allowed attackers to gain unauthorized access to the company's systems and implement a ransomware program. Behind the attack is the RansomEXX group, which has long been known for its attacks on businesses, government agencies, and banking organizations around the world.
The vulnerability that was used for the attack, CVE-2024-23897 (CVSS score: 9.8), allows an attacker to read arbitrary files in the Jenkins controller file system and execute malicious code without authentication.
With extensive knowledge of the Jenkins flaws, many security researchers have replicated certain attack scenarios and created working PoC exploits for the specified vulnerability, publishing them on GitHub.
The attack started when hackers sent a POST request to the Jenkins server, trying to execute a malicious command. The server processed the request, which gave attackers access to important information, including data about system users. Later it turned out that the problem was in one of the server's software parts, which incorrectly processed such requests, which allowed cybercriminals to bypass the protection and gain access to server commands. Subsequent execution of commands and output of results via Jenkins were performed using the Wireshark network analysis tool.
Juniper Networks specialists noted that the attack on C-Edge Technologies highlights the importance of regular updates and fixes for all software solutions used. In this case, the vulnerability in Jenkins could have been prevented by a timely update and proper configuration of the server. The incident also demonstrates the need for strict configuration management, especially in the case of critical systems such as Jenkins servers.
In addition, the incident highlights the need to adopt the Zero Trust model, which implies that no device or user should be trusted by default. Constant verification of all operations and users is the key to protecting against such threats.
Source
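Two checks a defender would want after reading the post above, written as an added example (not code from the post, from Juniper Networks, or from the Jenkins project): a version comparison that tells you whether a Jenkins controller already carries the CVE-2024-23897 fix, and a scan of reverse-proxy access logs for requests to the Jenkins CLI endpoint from hosts that are not known automation clients. The fixed versions (weekly 2.442, LTS 2.426.3) come from the Jenkins security advisory of 24 January 2024, not from the post; the log lines, the allowlist and the combined log format are constructed assumptions for the example.

```python
"""Defender-side checks for CVE-2024-23897 (Jenkins CLI arbitrary file read).

Added example, not part of the original post or of any Jenkins tooling.
Assumptions: fixed versions are weekly 2.442 and LTS 2.426.3 (Jenkins advisory,
2024-01-24); log lines are in nginx/Apache "combined" format from a reverse proxy
in front of Jenkins; the allowlist and all sample data are constructed.
"""
import re
from typing import Iterable, List, Set, Tuple

FIXED_WEEKLY = (2, 442)       # first weekly release with the fix
FIXED_LTS = (2, 426, 3)       # first LTS release with the fix


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '2.426.2' or '2.441' into a tuple of ints; reject anything else."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Jenkins version: {version!r}")
    return tuple(int(p) for p in parts)


def is_patched(version: str) -> bool:
    """True if this Jenkins version includes the CVE-2024-23897 fix.

    LTS releases carry three components (2.426.3); weekly releases carry two
    (2.442), so the two release lines are compared against their own threshold.
    """
    v = parse_version(version)
    if len(v) == 3:
        return v >= FIXED_LTS
    if len(v) == 2:
        return v >= FIXED_WEEKLY
    raise ValueError(f"unexpected version shape: {version!r}")


# Combined log format: ip ident user [time] "METHOD PATH PROTO" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def find_cli_requests(lines: Iterable[str], allowlist: Set[str]) -> List[Tuple[str, str, str, str]]:
    """Return (ip, method, path, time) for every request to the Jenkins CLI
    endpoint (/cli and anything under it) from a host not on the allowlist.

    Unparseable lines are skipped rather than aborting the scan.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m.group("path").split("?", 1)[0]      # drop the query string
        if path == "/cli" or path.startswith("/cli/"):
            if m.group("ip") not in allowlist:
                hits.append((m.group("ip"), m.group("method"),
                             m.group("path"), m.group("time")))
    return hits


# Constructed sample data: one CI automation host is allowed to use the CLI.
AUTOMATION_HOSTS = {"10.0.5.21"}
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Aug/2024:03:12:44 +0000] "POST /cli?remoting=false HTTP/1.1" 200 512 "-" "Java/17.0.2"',
    '10.0.5.20 - - [01/Aug/2024:03:12:50 +0000] "GET /job/build-api/lastBuild/api/json HTTP/1.1" 200 2048 "-" "curl/8.4.0"',
    '10.0.5.21 - - [01/Aug/2024:03:13:01 +0000] "POST /cli?remoting=false HTTP/1.1" 200 880 "-" "Java/17.0.2"',
    '198.51.100.4 - - [01/Aug/2024:03:13:09 +0000] "GET /climate/report HTTP/1.1" 404 120 "-" "Mozilla/5.0"',
    'this line is not an access log entry',
]

if __name__ == "__main__":
    for ver in ("2.426.2", "2.426.3", "2.441", "2.442"):
        print(f"Jenkins {ver}: {'patched' if is_patched(ver) else 'VULNERABLE - update'}")
    for ip, method, path, when in find_cli_requests(SAMPLE_LOG, AUTOMATION_HOSTS):
        print(f"CLI request from non-allowlisted host {ip}: {method} {path} at {when}")
```

The version check is the "timely update" part of the advice in the post; the log scan is the "constant verification" part, since in most deployments nothing but a handful of build agents or automation accounts has any business talking to the CLI endpoint, so any other source hitting it is worth an alert regardless of whether the request succeeded.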