
Cerber2021 Ransomware Back in Action

Zero-day exploits and recently patched or unpatched vulnerabilities are attractive targets for Threat Actors (TAs) looking to deploy malware efficiently. TAs exploit these vulnerabilities to deliver various types of malware and steal sensitive information for financial gain. On June 11th, 2022, Microsoft stated in a tweet that CVE-2022-26134 was being exploited to download and deploy the Cerber2021 ransomware (also known as “CerberImposter”).

TAs could exploit this Object-Graph Navigation Language (OGNL) injection vulnerability to take control of vulnerable servers. If it is successfully exploited, the vulnerability allows unauthenticated attackers to take control of unpatched servers remotely by creating new admin accounts and running arbitrary code on a Confluence server to deliver Cerber2021 ransomware.

TAs often rely on vulnerabilities or exploits to target organizations and deliver malware, depending on their goals and objectives. This year, several zero-day exploits in software such as Confluence and the Apache Struts 2 web application framework were used to spread Cerber ransomware to victim systems.

Systems that are not patched against CVE-2022-26134 are at high risk of being infected with Cerber ransomware. The vulnerability could be exploited to deliver Cerber ransomware by connecting to and sending commands to a Confluence server without any interaction from the user. Our analysis shows that TAs reverse the original byte code of a legitimate plugin to craft malicious code. They then create new accounts on the server and use permissions to run malicious commands on vulnerable servers.
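A defender-side check for the exploitation described above, added here as an example and not taken from the source report: it scans web access logs for OGNL expression delimiters (`${...}` or `%{...}`) in the request path, including percent-encoded and double-encoded forms. The combined log format, the path-only scope, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Combined-format access log entry (assumed format of the proxy in front of Confluence).
ENTRY_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
# OGNL expression delimiters as they appear once the path has been decoded.
OGNL_RE = re.compile(r"[$%]\{[^}]*\}")

# Constructed sample lines; the expression body is an inert placeholder.
SAMPLE_LOG = [
    '203.0.113.7 - - [11/Jun/2022:10:00:01 +0000] "GET /%24%7BCONSTRUCTED-EXPRESSION%7D/ HTTP/1.1" 302 0',
    '198.51.100.20 - - [11/Jun/2022:10:00:05 +0000] "GET /display/DOCS/Home HTTP/1.1" 200 5120',
    '203.0.113.9 - - [11/Jun/2022:10:00:09 +0000] "GET /%2524%257BCONSTRUCTED-EXPRESSION%257D/ HTTP/1.1" 404 0',
    '198.51.100.21 - - [11/Jun/2022:10:00:12 +0000] "GET /search?q=%24%7Bprice%7D HTTP/1.1" 200 900',
]

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded delimiters are still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_ognl_requests(lines):
    """Return one record per request whose decoded path holds an OGNL expression."""
    hits = []
    for line in lines:
        entry = ENTRY_RE.match(line)
        if entry is None:
            continue  # not a request line in the assumed format
        raw_path = entry.group("uri").split("?", 1)[0]  # path only (assumption)
        path = decode_fully(raw_path)
        if OGNL_RE.search(path):
            hits.append({"ip": entry.group("ip"),
                         "status": int(entry.group("status")),
                         "path": path})
    return hits

if __name__ == "__main__":
    for hit in find_ognl_requests(SAMPLE_LOG):
        print(hit)
```

A hit shows only that such a request reached the server; whether the server was vulnerable at the time still has to be established from its patch state.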

It is important for organizations to look into the threat posed by Cerber ransomware as it is just one of many recent ransomware threats posing a lot of risk. It is also important to educate your end users to look out for suspicious incoming emails and attachments, as they are potential modes of delivery.

It is crucial to make sure that you patch vulnerabilities on all your systems so that you don’t fall victim to exploitation by TAs. Ransomware has become a common cyberweapon that TAs use to target businesses and organizations around the world.

Source: Cerber2021 Ransomware Back in Action - AlienVault - Open Threat Exchange
