Researchers have discovered a cryptojacking campaign that exploits an old vulnerability in Cacti’s Network Weathermap plug-in, an open source tool used by network administrators to visualize network activity. The vulnerability was disclosed in April 2013 and the patch has been available for almost five years, but attackers are still using it to help mine cryptocurrency in 2018. Patrick Bedwell, VP at Lastline, commented below.
Patrick Bedwell, VP at Lastline:
“AlienVault posted a blog earlier this year showing that of the top 10 vulnerabilities cited in vendor reports in its Open Threat Exchange (OTX) in 2017, 2 were from 2012, 1 from 2013 and 1 from 2014.
Deploying patches in a timely manner is essential to avoid being compromised by old vulnerabilities. A related issue is knowing what systems are on the network in the first place–often these unpatched systems are not on a current asset list, and are unknown by the IT team and therefore not patched. They could have been stood up in a test lab by an employee who’s no longer with the organization, or in a remote office where the IT team doesn’t have visibility. In any event, they’re on a network and vulnerable to attack.
So, asset inventory and patch management are two very basic but essential functions that can prevent organizations from being victimized by 5-year-old vulnerabilities.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.