The Cybersecurity and Infrastructure Security Agency (CISA) reports that criminal hackers are actively exploiting a critical flaw in the IBM Aspera Faspex file transfer application.
This vulnerability, identified by CISA as CVE-2022-47986, is one of three flaws in the Mitel corporate communication platform that were added to the organization’s catalogue of exploitable flaws this week.
Several security researchers had issued warnings prior to today’s release. On January 18, IBM released a fix.
The deadline for federal civilian agencies to patch the vulnerability, which has a CVSS score of 9.8 out of 10, is March 14th.
According to the CEO of a cybersecurity firm, Aspera is so popular that it was awarded an Emmy in 2014 for facilitating speedier media production processes by allowing businesses to exchange huge video files in a short amount of time.
According to Broomhead, Aspera has been the go-to option for many years for businesses in industries such as genomics and biomedical research, media production, military signals intelligence, and financial services that need to move massive datasets.
Broomhead further noted that the vulnerability is simple to exploit and would allow a remote attacker to bypass network authentication procedures in order to gain control of the targeted server.
A search on the internet scanning engine Shodan shows 138 instances of Aspera Faspex exposed to the public internet. In addition to IBM, cybersecurity firm ShadowServer has stated that it has witnessed exploit attempts since the patch was released.
After alerting IBM on October 6, the security firm AssetNote said it waited a week to publish the attack code on its blog.
According to Ryan Cribelar of Nucleus Security, the technology is frequently used by major corporations for the rapid and secure transmission of massive files and data sets over great distances.
It’s used in the private and public sectors, including the healthcare and financial sectors. Given the product’s longevity and the fact that most businesses use many IBM products if they use any, he concluded that it must have a sizable customer base. “It’s an IBM product, so you can assume a large customer base,” he said.
Cribelar said the flaw is appealing to attackers for two reasons.
He explained that when internal vulnerability management programmes evolve, “it might live on a device that doesn’t get as consistent scanning coverage as other devices,” and the responsibility for the device’s upkeep could be forgotten. According to the researchers, “these two factors can allow for the vulnerability to have a longer lifetime on the device.”
Cribelar further noted that the susceptible software is often located on the network’s outer perimeter, providing hackers with a valuable entry point into the system of an unsuspecting victim without fear of being discovered too soon.
After last week’s extensive attacks on the GoAnywhere MFT file-transfer software, which led to a breach at one of the largest healthcare providers in the United States affecting more than 1 million people, this is the latest file transfer technology to be abused.
More than 130 businesses were compromised by the Clop ransomware group, according to an announcement made to BleepingComputer.
In 2021, hackers exploited flaws in another file transmission service, Accellion, to routinely attack banks, governments, schools, and businesses.