Attackers Exploit Exposed ASP.NET Keys to Deploy Malware, here is what you need to know.

  • Home » Attackers Exploit Exposed ASP.NET Keys to Deploy Malware, here is what you need to know.
SpyLend
Featured News Latest News Latest Vulnerabilities Recommended News Security , , , , ,

Attackers Exploit Exposed ASP.NET Keys to Deploy Malware, here is what you need to know.

In a recent revelation, Microsoft has identified a concerning trend where attackers are exploiting exposed ASP.NET machine keys to deploy malware. This method, known as ViewState code injection attacks, poses a significant threat to web applications using ASP.NET.

malware-1200x630-1-1024x538 Attackers Exploit Exposed ASP.NET Keys to Deploy Malware, here is what you need to know.

The Discovery

Microsoft Threat Intelligence observed limited activity by an unattributed threat actor using a publicly available, static ASP.NET machine key to inject malicious code. This discovery was made in December 2024, and it has since raised alarms about the security practices of developers.

How the Attack Works

Attackers are using publicly disclosed ASP.NET machine keys found in code documentation and repositories to perform malicious actions on target servers. These keys, which include ValidationKey and DecryptionKey, are used by ASP.NET Web Forms to preserve page and control state between postbacks. When these keys are stolen or made accessible to threat actors, they can craft a malicious ViewState and send it to the website via a POST request. The ASP.NET Runtime on the targeted server then decrypts and validates the ViewState successfully, allowing the malicious code to run.

The Scale of the Problem

Microsoft has identified over 3,000 publicly disclosed keys that could be used for these types of attacks. Unlike previously known attacks that used compromised or stolen keys sold on dark web forums, these publicly disclosed keys are available in multiple code repositories and could have been pushed into development code without modification.

Recommendations for Security

To mitigate this risk, Microsoft recommends that organizations do not copy keys from publicly available sources and regularly rotate keys. Additionally, Microsoft Defender for Endpoint can help detect publicly disclosed keys and provide further protection. Developers are also advised to secure machine keys and monitor configuration files to prevent unauthorized access.

Conclusion

The exploitation of exposed ASP.NET keys highlights the importance of secure coding practices and the need for vigilance in protecting sensitive information. By following Microsoft’s recommendations and implementing robust security measures, organizations can reduce the risk of falling victim to these attacks.

You think you have a story worth everyone’s time? SUBMIT A STORY and we will publish it

Share this content:

Tag

Related Posts

Post Comment