
According to the Cybersecurity and Infrastructure Security Agency (CISA), a critical flaw in the widely used IBM Aspera Faspex file transfer application is being actively exploited by hackers.

This vulnerability, tracked as CVE-2022-47986, was one of three flaws in the Mitel corporate telephony system that were added to CISA’s database of exploitable flaws this week.

There are “significant risks to the federal enterprise,” according to the agency, because of the IBM flaw. While CISA’s notifications are intended for the federal government, many of the same precautions should be taken in the private sector.

This news follows multiple warnings issued by security researchers over the course of the previous month. IBM released a fix on January 18.

The CVSS score of this vulnerability is 9.8, and federal civilian agencies have until March 14 to implement a fix.

According to Bud Broomhead, CEO of cybersecurity firm Viakoo, Aspera is so popular that it was awarded an Emmy in 2014 for facilitating speedier media production workflows by allowing businesses to rapidly transfer huge video files.

According to Broomhead, Aspera has been the go-to option for many years for businesses in industries such as genomics and biomedical research, media production, military signals intelligence, and financial services that need to move massive datasets.

 

Broomhead further noted that the vulnerability is straightforward to exploit and would allow a remote attacker to perform actions on a device without first bypassing network authentication procedures.

After conducting a search on the internet scanning engine Shodan, we found that 138 instances of Aspera Faspex were available to the public. Following IBM’s publication of the fix, cybersecurity firm ShadowServer also stated it had witnessed attempts to exploit the vulnerability.

AssetNote, a security firm, reported the flaw to IBM on October 6 and said it waited a week after the patch was released before publishing the exploit code on its blog.

According to Ryan Cribelar of Nucleus Security, the solution is utilized by major corporations for the swift and secure transmission of massive files or data sets over great distances.

It’s used by the government, the healthcare sector, and the financial sector, among others. Since it is an IBM product and has been around for quite some time, and since most businesses use numerous IBM products if they use any, it is safe to infer that there is a sizable user base for it.

Cribelar said the flaw is appealing to attackers for two reasons.

He explained that when internal vulnerability management programs evolve, “it might live on a device that doesn’t get as consistent scanning coverage as other devices,” and the responsibility for the device’s upkeep could be forgotten. The vulnerability may remain on the device for a longer period of time because of these two causes.

Cribelar also observed that the susceptible software is often located on the network’s outer perimeter, which makes it a valuable portal for hackers to achieve persistence in a victim’s system without the risk of being caught quickly.

After last week’s hack at one of the top healthcare providers in the United States, affecting over 1 million people, this is the latest file transfer mechanism to be attacked.

More than 130 businesses were compromised by the Clop ransomware group, according to an announcement made to BleepingComputer.

In 2021, hackers exploited flaws in another file transmission service, Accellion, to routinely attack banks, government agencies, universities, and businesses.
