A large number of routers and internet-connected devices contain code that has been obsolete for more than 15 years and has several critical bugs. Hackers are reportedly using it as an entry point to attack the infrastructure of certain companies, especially in the energy sector.
Microsoft just released a report on an ongoing wave of attacks. Hackers are targeting specific devices through which they can compromise companies’ internal networks, with a particular focus on the energy sector. This follows an initial report by Recorded Future in April on attacks in India attributed to a group of hackers backed by the Chinese government.
Microsoft investigated and discovered that the hackers get into systems through the Boa web server, a software component that has been obsolete since 2005. Boa is included in routers, connected devices, and software development kits (SDKs). This component contains several critical bugs, including arbitrary file access (CVE-2017-9833) and information disclosure (CVE-2021-33558).
Over a million devices exposed
These vulnerabilities can be exploited without authentication. Once a device containing the Boa server is compromised, hackers can use it to attack the rest of the company’s internal network. The latest attack took place in October against the Indian company Tata Power. The Hive hacker group demanded a ransom and then published the stolen data on the dark web when the company refused to pay.
Microsoft has detected the Boa server on more than a million internet-connected devices, which means a large number of companies could be vulnerable to attacks.