Attackers Target Max-Severity Apache ActiveMQ Bug to Drop Ransomware

November 2, 2023 at 05:17PM

More than 3,000 Apache ActiveMQ servers are exposed to a critical remote code execution vulnerability, and attackers have already begun exploiting it to deploy ransomware. The flaw allows remote attackers to execute arbitrary commands on affected systems. Proof-of-concept exploit code and details of the vulnerability are publicly available, which lowers the bar for threat actors to launch attacks. Researchers have observed ransomware activity targeting organizations running outdated versions of Apache ActiveMQ. Organizations are advised to patch quickly to protect against further exploitation.

Key Takeaways from the Article:

1. More than 3,000 Internet-accessible Apache ActiveMQ servers are exposed to a critical remote code execution vulnerability (CVE-2023-46604).
2. Threat actors are actively exploiting the vulnerability and using it to drop ransomware.
3. Proof-of-concept exploit code and full details of the vulnerability are publicly available, which lowers the bar for attackers to launch attacks.
4. Researchers have observed exploit activity against the vulnerability, with ransomware being deployed on compromised systems.
5. The HelloKitty ransomware family, active since at least 2020, is being used in some of the attacks.
6. Exploit code for the vulnerability has been publicly available for a week, and the observed threat activity appears to be automated rather than sophisticated.
7. Over 3,000 Internet-connected ActiveMQ systems remain vulnerable to attack.
8. The vulnerability affects multiple versions of Apache ActiveMQ; the Apache Software Foundation has released updated versions that mitigate the risk.
9. The vulnerability carries a CVSS severity score of 10.0, the maximum possible, reflecting its criticality.
10. The vulnerability is an insecure deserialization bug, a common vulnerability class that allows adversaries to execute malicious code.

Recommendations:

1. Organizations using Apache ActiveMQ should patch their systems quickly to protect against further exploitation.
2. Upgrading to a fixed version of Apache ActiveMQ is the recommended way to mitigate the risk.
3. Software should be monitored and updated regularly to stay protected against known vulnerabilities.
4. Employee awareness and training on cybersecurity best practices should be emphasized to reduce the likelihood of successful attacks.