Hackers Exploiting Abandoned Boa Web Servers to Target Critical Industries
Microsoft said its own investigation into the attack activity uncovered Boa as a common link, assessing that the intrusions were directed against exposed IoT devices running the web server.
"Despite being discontinued in 2005, the Boa web server continues to be implemented by different vendors across a variety of IoT devices and popular software development kits," the company said.
"Without developers managing the Boa web server, its known vulnerabilities could allow attackers to silently gain access to networks by collecting information from files."
The latest findings once again underscore the supply chain risk arising from flaws in widely used network components, which could expose critical infrastructure to breaches via publicly accessible devices running the vulnerable web server.
Boa servers are pervasive because they are integrated into widely used SDKs, such as those from RealTek, which are then bundled with devices like routers, access points, and repeaters.
"The popularity of the Boa web server displays the potential exposure risk of an insecure supply chain, even when security best practices are applied to devices in the network," Microsoft said.
News URL
https://thehackernews.com/2022/11/hackers-exploiting-abandoned-boa-web.html