Hackers Target HFS Servers to Drop Malware and Monero Miners: A Quick Look at What to Know
In a concerning trend, cybercriminals are exploiting vulnerabilities in older versions of the HTTP File Server (HFS) from Rejetto. Their goal? To infiltrate servers and deploy malicious payloads, including malware and Monero cryptocurrency miners. Let’s explore the intricacies of these HFS server attacks.
The Vulnerable HFS Servers
HFS, a lightweight file-sharing application, has been a staple for users seeking an easy way to share files across networks. However, outdated installations have become prime targets for cyber adversaries. These attackers exploit known security flaws to gain unauthorized access.
The Malicious Payloads in HFS Servers
1. Malware Droppers
Hackers use HFS vulnerabilities as entry points to deliver malware. These malicious payloads can take various forms, from ransomware to rootkits. The choice of attack depends on the attacker’s objectives. For instance, the notorious Gandcrab ransomware has been dropped via HFS vulnerabilities in the past.
2. Monero Miners
Cryptocurrency mining, specifically Monero (XMR), has become a lucrative venture for cybercriminals. After compromising an HFS server, attackers install XMRig, a Monero mining program, on it. The mining process consumes server resources, generating profits for the attackers while degrading performance for legitimate users.
The Exploited Vulnerabilities
Several vulnerabilities have been leveraged in these attacks:
- CVE-2019-3396: Previously used for Gandcrab ransomware drops, this bug now facilitates the deployment of rootkits and cryptocurrency mining malware.
- CVE-2013-2618: An old vulnerability in Cacti’s Network Weathermap plug-in, exploited to infect Linux servers with Monero mining malware.
- CVE-2021-26084 and CVE-2021-26085: Atlassian Confluence vulnerabilities targeted for malicious cryptocurrency mining activities.
- CVE-2020-5902 and CVE-2021-22986: Exploited in F5 BIG-IP servers for similar purposes.
Mitigation Strategies
To safeguard HFS servers, administrators should:
- Regularly update HFS to the latest version.
- Monitor server logs for suspicious activity.
- Implement network segmentation to limit the impact of successful attacks.
- Educate users about safe file-sharing practices.
In conclusion, the battle against cyber threats requires vigilance and proactive measures. By staying informed and securing our servers, we can mitigate the risks posed by these attacks.