
Attackers are exploiting a critical vulnerability in the IBM file-sharing application in a hack that installs ransomware on servers, security researchers warn.
IBM Aspera Faspex is a centralized file exchange application used by large organizations to transfer very large files, or very large numbers of files, at high speed. Instead of relying on TCP-based technologies such as FTP to move files, Aspera uses IBM's own FASP (Fast, Adaptive, and Secure Protocol), which makes better use of the available network bandwidth. The product also offers fine-grained controls that let users send files to distribution lists, shared inboxes, or workgroup recipient lists, providing an email-like workflow for forwarding.
In late January, IBM warned of a critical vulnerability in Aspera Faspex versions 4.4.2 patch level 1 and earlier, and urged users to install an update that patches it. The vulnerability, tracked as CVE-2022-47986, allows unauthenticated attackers to remotely execute malicious code by sending specially crafted calls to an older programming interface. Because of how easily the vulnerability can be exploited and the damage that could result, CVE-2022-47986 carries a severity rating of 9.8 out of 10.
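The only concrete technical fact in the advisory summary above is the affected range, 4.4.2 patch level 1 and earlier. A defender's first task is therefore an inventory check. The following is an added example, not code from the article, IBM, or Rapid7: it parses version strings of the assumed form "X.Y.Z" or "X.Y.Z PL<n>" (the exact format Faspex reports is an assumption here), compares them against the last vulnerable release, and lists the hosts that still need the patch. The inventory entries are constructed sample data.

```python
import re

# Last vulnerable release named in the advisory summary: 4.4.2 patch level 1.
# Anything at or below this tuple is treated as unpatched.
LAST_VULNERABLE = (4, 4, 2, 1)

# Accepts "4.4.2", "4.4.2 PL1" or "4.4.2 patch level 1" (format assumed, not IBM's spec).
VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)\.(\d+)(?:\s*(?:PL|patch level)\s*(\d+))?\s*$", re.I
)


def parse_version(text):
    """Turn a version string into a comparable (major, minor, patch, patch_level) tuple.

    A missing patch level is treated as 0, so plain "4.4.2" sorts below "4.4.2 PL1".
    Unrecognised strings raise rather than silently passing as patched.
    """
    m = VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Faspex version string: {text!r}")
    major, minor, patch, pl = m.groups()
    return (int(major), int(minor), int(patch), int(pl) if pl else 0)


def is_vulnerable(version_text):
    """True when the version is 4.4.2 PL1 or earlier (CVE-2022-47986 affected range)."""
    return parse_version(version_text) <= LAST_VULNERABLE


# Constructed sample inventory: (hostname, reported Faspex version). Not real hosts.
INVENTORY = [
    ("faspex-01.example.internal", "4.4.1"),
    ("faspex-02.example.internal", "4.4.2 PL1"),
    ("faspex-03.example.internal", "4.4.2 PL2"),
    ("faspex-04.example.internal", "4.4.2 patch level 1"),
    ("faspex-05.example.internal", "4.5.0"),
]


def hosts_needing_patch(inventory):
    """Return the hostnames whose reported version falls in the affected range."""
    return [host for host, version in inventory if is_vulnerable(version)]


if __name__ == "__main__":
    for host in hosts_needing_patch(INVENTORY):
        print(f"{host}: in CVE-2022-47986 affected range, patch before the next cycle")
```

Tuple comparison does the right thing for patch levels because the patch-level field is last; a host reporting "4.4.2" with no suffix is deliberately treated as unpatched, since that is the safe assumption when the level is unknown.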
On Tuesday, researchers at security firm Rapid7 said they recently responded to an incident in which a customer was compromised using the vulnerability.
“Rapid7 is aware of at least one recent incident in which a customer was compromised by CVE-2022-47986,” the company’s researchers wrote. “Given the active exploits and the fact that Aspera Faspex is typically installed at the network perimeter, we strongly recommend patching urgently rather than waiting for the normal patching cycle to occur.”
According to other researchers, the vulnerability has also been exploited to install ransomware. Researchers at SentinelOne recently said that a ransomware group known as IceFire is exploiting CVE-2022-47986 to install a newly built Linux version of its file-encrypting malware. Previously, the group had pushed only Windows versions, which were installed through phishing emails. Because phishing is a poor fit for Linux servers, IceFire turned to the IBM vulnerability to spread its Linux version. Researchers have also found the vulnerability being exploited to install ransomware known as Buhti.
As noted above, IBM patched the vulnerability in January, and it reissued the advisory earlier this month to make sure no one misses it. Those wanting to better understand the vulnerability and how to mitigate attacks against Aspera Faspex servers can read the posts from security firms Assetnote and Rapid7 here and here.