Hackers Exploited Popular BillQuick Billing Software to Deploy Ransomware (Security News, October 2021)
Cybersecurity researchers on Friday disclosed a now-patched critical vulnerability in multiple versions of a time and billing system called BillQuick that's being actively exploited by threat actors to deploy ransomware on vulnerable systems.
Tracked as CVE-2021-42258, the flaw is an SQL injection vulnerability that allows remote code execution; it was leveraged to gain initial access to an unnamed U.S. engineering company and mount a ransomware attack, American cybersecurity firm Huntress Labs said.
According to its website, BQE Software's products are used by 400,000 users worldwide.
"Hackers can use this to access customers' BillQuick data and run malicious commands on their on-premises Windows servers," Huntress Labs threat researcher Caleb Stewart said in a write-up.
Essentially, the vulnerability stems from how BillQuick Web Suite 2020 constructs SQL database queries: input submitted through the application's login form is placed into the query text, so an attacker can inject specially crafted SQL. Because the software runs its database queries as the "System Administrator" user, that injected SQL can be used to spawn a command shell on the underlying Windows operating system and achieve remote code execution.
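The following is an added illustration of the flaw class the paragraph describes, not BillQuick's own code (which is not shown on this page): a login check that concatenates form fields into the SQL text, beside the same check with bound parameters, plus the cheapest test a practitioner would run against a login form, a lone single quote. The user table, credentials and payload are constructed for the example; SQLite stands in for the application's database.

```python
import sqlite3

# Constructed stand-in for a billing application's user table (illustration only).
SAMPLE_USERS = [("alice", "correct-horse"), ("bob", "hunter2")]


def make_db():
    """Create an in-memory database seeded with the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Login check that pastes the form fields straight into the SQL text.

    Whatever the user types becomes part of the statement's syntax, so a
    quote in the login form changes the meaning of the query instead of
    being treated as data. Returns the matched username or None.
    """
    query = (
        f"SELECT username FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_parameterized(conn, username, password):
    """Same check with bound parameters: input can never alter the SQL structure."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(query, (username, password)).fetchone()
    return row[0] if row else None


def quote_probe_errors(conn, login_fn):
    """Injectability check: does a lone single quote break the query?

    A database syntax error triggered by a single quote is the classic sign
    that the form field is concatenated into SQL. Returns True if the login
    function raised a database error for the probe, False otherwise.
    """
    try:
        login_fn(conn, "'", "x")
    except sqlite3.DatabaseError:
        return True
    return False


if __name__ == "__main__":
    conn = make_db()
    # Tautology followed by a comment marker: the password clause is commented out.
    bypass = "' OR 1=1 --"
    print("vulnerable login, bypass payload   ->", login_vulnerable(conn, bypass, "wrong"))
    print("parameterized login, same payload  ->", login_parameterized(conn, bypass, "wrong"))
    print("quote probe errors (vulnerable)    ->", quote_probe_errors(conn, login_vulnerable))
    print("quote probe errors (parameterized) ->", quote_probe_errors(conn, login_parameterized))
```

The bypass payload logs the attacker in as the first user without a password on the concatenating version and fails on the parameterized one. SQLite rejects a second stacked statement, but Microsoft SQL Server executes stacked statements, so when the application's connection holds sysadmin rights an injected statement can reach operating-system command execution (the extended procedure `xp_cmdshell` is the usual route); the command shell spawned through the login form in the article is that class of attack. The fix is the parameterized form, and, independently, running the application's database login without sysadmin privileges.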
"Sometimes, a productivity tool or even an add-on can be the door that hackers step through to gain access to an environment and carry out their next move."
Related Vulnerability
| Date | CVE | Vulnerability title | Risk (CVSS score) |
|---|---|---|---|
| 2021-10-22 | CVE-2021-42258 | SQL injection vulnerability in BQE BillQuick Web Suite: BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild in October 2021 for ransomware installation. | 9.8 |