HolesWarm Malware Exploits Unpatched Windows, Linux Servers
2021-08-18 11:24

By leveraging more than 20 known vulnerabilities in Linux and Windows servers, the HolesWarm cryptominer malware has been able to break into more than 1,000 cloud hosts just since June.

The basic cryptominer botnet has been so successful at juggling so many different known vulnerabilities between attacks that researchers at Tencent, who first identified HolesWarm, refer to the malware as the "King of Vulnerability Exploitation."

The Tencent team observed HolesWarm using high-risk vulnerabilities in various common office server components, including Apache Tomcat, Jenkins, Shiro, Spring Boot, Struts2, UFIDA, WebLogic, XXL-JOB and Zhiyuan.

"Tencent security experts recommend that the operation and maintenance personnel of government and enterprise organizations actively repair high-risk vulnerabilities in related network components to avoid servers becoming a broiler controlled by hackers."

Of course, without unpatched servers lingering out there with known security holes, the virus wouldn't have anywhere to spread. Yaniv Bar-Dayan, CEO of Vulcan Cyber, told Threatpost that leaving unmitigated vulnerabilities exposed to hackers is "inexcusable."

"Organizations with exploitable known vulnerabilities should feel lucky if the worst that happens to their digital estate is a HolesWarm cryptominer deployment."


News URL

https://threatpost.com/holeswarm-malware-windows-linux/168759/
