Mining, encryption, remote access: a bug in TeamCity has become fatal for dozens of organizations

Teacher

CVE-2024-27198 has opened a gateway to compromise for hackers. When will administrators close it?

Attackers continue to actively exploit vulnerabilities in JetBrains TeamCity, deploying ransomware, cryptocurrency miners, Cobalt Strike beacons, and the Spark RAT remote access Trojan.

The key security flaw most often exploited by attackers is tracked as CVE-2024-27198 (9.8 on the CVSS scale). It allows an attacker to bypass authentication in the TeamCity web component, execute arbitrary code, and take control of the server, which puts the data it handles at risk. We first reported on this vulnerability in early March.

In a recent report, Trend Micro notes that after gaining access, attackers install malware that can execute commands remotely, including deploying additional payloads. One of the goals of the attacks is to encrypt files and demand a ransom from the victims.

The vulnerability has previously been used to spread the BianLian and Jasmin ransomware families, as well as the XMRig miner and Spark RAT. Experts urge all organizations using TeamCity to update it immediately to prevent possible attacks.

The situation is aggravated by the fact that the security company Rapid7 published exhaustive details about the vulnerability too early, without coordinating the timing with JetBrains. As a result, JetBrains had only just started distributing fixes when an exploit for the vulnerability was already developed and actively used by attackers. Usually, such disclosures are made at least a few weeks or even months after the vulnerability is patched.

In addition, recent reports from various information security companies highlight growing collaboration between ransomware groups, which makes them harder to detect and attribute. Some groups, faced with law enforcement action, become more mobile and harder to identify.

Experts also note an increase in the use of legitimate software and security-bypass techniques to infect victims, including the BYOVD (Bring Your Own Vulnerable Driver) technique to disable security solutions at the kernel level.

A key aspect in the fight against cyber threats is not only rapid software updates, but also the development of a comprehensive approach to cybersecurity, including staff training and investment in modern security technologies.

In the context of increasing cyber threats, the importance of international cooperation and information exchange in the field of cybersecurity cannot be overemphasized. Organizations must take all measures to protect themselves against the ever-changing landscape of cyber threats.
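The first practical step behind the "update immediately" advice above is knowing which TeamCity instances are still on a vulnerable build. The script below is an added example, not code from the original post or from JetBrains: it fingerprints servers by version and flags anything older than 2023.11.4, the release in which JetBrains shipped the fix for CVE-2024-27198 (stated here as an assumption you should confirm against the vendor advisory). The version is read from the XML that TeamCity's REST endpoint GET /app/rest/server returns (the "version" attribute on the <server> element); you fetch that yourself with credentials, or via /guestAuth/ if guest access is enabled. The sample responses embedded below are constructed for the example, and their build numbers are made up.

```python
"""Triage TeamCity servers for CVE-2024-27198 exposure by version.

Added example, not from the original post. Assumptions:
  * the fix shipped in TeamCity 2023.11.4 (confirm against JetBrains' advisory);
  * input bodies are what GET /app/rest/server returns, fetched separately.
"""
import re
import xml.etree.ElementTree as ET

FIXED_VERSION = (2023, 11, 4)  # assumption: first release containing the fix

# Constructed sample bodies in the shape TeamCity returns; build numbers are made up.
SAMPLE_RESPONSES = {
    "ci-old.example.internal": (
        '<server version="2023.11.3 (build 147512)" versionMajor="2023" '
        'versionMinor="11" buildNumber="147512" role="main_node" '
        'webUrl="https://ci-old.example.internal"/>'
    ),
    "ci-legacy.example.internal": (
        '<server version="2022.10 (build 116751)" versionMajor="2022" '
        'versionMinor="10" buildNumber="116751" role="main_node" '
        'webUrl="https://ci-legacy.example.internal"/>'
    ),
    "ci-patched.example.internal": (
        '<server version="2023.11.4 (build 147562)" versionMajor="2023" '
        'versionMinor="11" buildNumber="147562" role="main_node" '
        'webUrl="https://ci-patched.example.internal"/>'
    ),
    # A reverse proxy answering instead of TeamCity: must be reported, not ignored.
    "ci-broken.example.internal": "<html>502 Bad Gateway</html>",
}


def parse_version(version_attr):
    """Turn '2023.11.3 (build 147512)' into (2023, 11, 3).

    Releases without a patch component ('2022.10 (build ...)') get patch 0,
    so they compare as older than any patched build of the same line.
    """
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", version_attr)
    if not m:
        raise ValueError("unrecognised TeamCity version string: %r" % version_attr)
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_vulnerable(server_xml):
    """Return (vulnerable, version_tuple) for one /app/rest/server body."""
    root = ET.fromstring(server_xml)
    if root.tag != "server" or "version" not in root.attrib:
        raise ValueError("not a TeamCity <server> document")
    version = parse_version(root.attrib["version"])
    return version < FIXED_VERSION, version


def triage(responses):
    """Map host -> 'vulnerable (x.y.z)' / 'patched (x.y.z)' / 'unknown: <reason>'.

    Bodies that cannot be fingerprinted are reported rather than skipped:
    a server you cannot identify still needs a manual look.
    """
    report = {}
    for host, body in responses.items():
        try:
            vulnerable, version = is_vulnerable(body)
        except (ET.ParseError, ValueError) as exc:
            report[host] = "unknown: %s" % exc
            continue
        state = "vulnerable" if vulnerable else "patched"
        report[host] = "%s (%d.%d.%d)" % ((state,) + version)
    return report


if __name__ == "__main__":
    for host, state in sorted(triage(SAMPLE_RESPONSES).items()):
        print("%-30s %s" % (host, state))
```

A version check only tells you whether a server is still exposed today; given that the post describes attackers installing remote-access malware after exploitation, any instance found on a pre-fix build should also be treated as possibly already compromised and reviewed for unexpected users, tokens and processes before it is simply upgraded.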