Hackers Target HFS Servers to Drop Malware and Monero Miners. Here is what to know, a quick look


In a concerning trend, cybercriminals are exploiting vulnerabilities in older versions of the HTTP File Server (HFS) from Rejetto. Their goal? To infiltrate servers and deploy malicious payloads, including malware and Monero cryptocurrency miners. Let’s take a closer look at how these attacks on HFS servers unfold.


The Vulnerable HFS Servers

HFS, a lightweight file-sharing application, has been a staple for users seeking an easy way to share files across networks. However, outdated installations have become prime targets for cyber adversaries. These attackers exploit known security flaws to gain unauthorized access.

The Malicious Payloads in HFS Servers

1. Malware Droppers

Hackers use HFS vulnerabilities as entry points to deliver malware. These malicious payloads can take various forms, from ransomware to rootkits. The choice of attack depends on the attacker’s objectives. For instance, the notorious Gandcrab ransomware has been dropped via HFS vulnerabilities in the past.

2. Monero Miners

Cryptocurrency mining, specifically Monero (XMR), has become a lucrative venture for cybercriminals. By compromising HFS servers, attackers install XMRig—a Monero mining software—on the compromised systems. The mining process consumes server resources, generating profits for the attackers while causing performance degradation for legitimate users.

The Exploited Vulnerabilities

Several vulnerabilities have been leveraged in these attacks:

  1. CVE-2019-3396: Previously used for Gandcrab ransomware drops, this bug now facilitates the deployment of rootkits and cryptocurrency mining malware.
  2. CVE-2013-2618: An old vulnerability in Cacti’s Network Weathermap plug-in, exploited to infect Linux servers with Monero mining malware.
  3. CVE-2021-26084 and CVE-2021-26085: Atlassian Confluence vulnerabilities targeted for malicious cryptocurrency mining activities.
  4. CVE-2020-5902 and CVE-2021-22986: Exploited in F5 BIG-IP servers for similar purposes.

Mitigation Strategies

To safeguard HFS servers, administrators should:

  • Regularly update HFS to the latest version.
  • Monitor server logs for suspicious activity.
  • Implement network segmentation to limit the impact of successful attacks.
  • Educate users about safe file-sharing practices.
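To make the "monitor for suspicious activity" step concrete, here is a small Python scanner, written for this page rather than taken from the article or from Rejetto, that flags the tells of an XMRig-style miner in process and connection snapshots captured on an HFS host. The indicator patterns, the pool port list, and the sample snapshots are constructed assumptions to be tuned for a real environment.

```python
import re
from dataclasses import dataclass

# Constructed, non-exhaustive indicators: XMRig command-line fragments and the
# stratum pool URL scheme that Monero miners use; tune for your environment.
MINER_PATTERNS = [re.compile(p, re.I) for p in (
    r"\bxmrig\b", r"--donate-level", r"stratum\+(?:tcp|ssl)://", r"--coin[= ]monero")]
# Remote ports commonly used by stratum mining pools (assumed values).
SUSPECT_PORTS = {3333, 4444, 5555, 7777, 14444}
# Executables launched from world-writable temp paths are a classic dropper tell.
TEMP_EXEC = re.compile(r"^(?:/tmp|/var/tmp|/dev/shm)/")

@dataclass(frozen=True)
class Finding:
    kind: str      # "miner-cmdline", "temp-exec" or "stratum-port"
    evidence: str  # the raw line that triggered the finding

def scan_processes(ps_lines):
    """ps-style lines '<pid> <user> <cmdline...>'; flags miner tells."""
    findings = []
    for line in ps_lines:
        parts = line.split(maxsplit=2)
        if len(parts) < 3:
            continue  # header or malformed line
        cmdline = parts[2]
        if any(p.search(cmdline) for p in MINER_PATTERNS):
            findings.append(Finding("miner-cmdline", line.strip()))
        if TEMP_EXEC.match(cmdline.split()[0]):
            findings.append(Finding("temp-exec", line.strip()))
    return findings

def scan_connections(conn_lines):
    """ss-style lines whose last field is '<remote ip>:<port>'; flags pool ports."""
    findings = []
    for line in conn_lines:
        fields = line.split()
        if len(fields) < 2 or ":" not in fields[-1]:
            continue  # header or malformed line
        port_text = fields[-1].rsplit(":", 1)[1]
        if port_text.isdigit() and int(port_text) in SUSPECT_PORTS:
            findings.append(Finding("stratum-port", line.strip()))
    return findings

# Constructed snapshots of a hypothetical HFS host; PID 987 is a miner
# masquerading as a kernel thread while talking to a stratum pool.
PS_SNAPSHOT = """412 hfs /opt/hfs/hfs --port 8080
987 hfs /tmp/.x/kswapd0 -o stratum+tcp://pool.example.invalid:14444 --donate-level 1
1203 root /usr/sbin/sshd -D"""
CONN_SNAPSHOT = """tcp ESTAB 0 0 10.0.0.5:8080 10.0.0.20:51234
tcp ESTAB 0 0 10.0.0.5:49912 203.0.113.7:14444"""
```

Feed it the output of `ps -eo pid,user,args` and `ss -tn` on the host; a hit on any of the three finding kinds is a cue to isolate the server and check the HFS version.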

In conclusion, the battle against cyber threats requires vigilance and proactive measures. By staying informed and securing our servers, we can mitigate the risks posed by these attacks.

