DarkIRC Bot Hits Oracle WebLogic vuln, Steals Bitcoin, Hijacks Browsers – Experts Perspective

In response to new research that the DarkIRC bot exploits a recent Oracle WebLogic vulnerability to deliver payloads such as a browser stealer, a keylogger, a Bitcoin clipper, a worm and other threats, cybersecurity experts offer their perspective below.

2 Expert Comments
Chloé Messdaghi, VP of Strategy
December 2, 2020 12:16 pm

The fix for this vulnerability was issued two months ago and updated last month. We don’t know if the persons who started advertising this in Aug 2020 used it at some point, but it’s certainly possible.

This is why updating and patching is so important, and why reliance on vulnerability scanners alone is a poor strategy. It’s important that security team members have input into patch prioritization, and that organizations look seriously at exactly how their patch priorities are set. Are they the head of IT or security? By team decision?

The real question here is: why doesn’t something get patched right away? What are the reasons for an outstanding vulnerability to linger?

It’s discouraging that recently CISA needed to issue a warning asking companies to implement patches that in some cases had been available for over a year.

Also, it’s good to see that more researchers are careful to use the term “attacker” for those who launch or enable attacks, recognizing the difference between those threat actors and the hacker community, which discovers and generally attempts to disclose vulnerabilities before an attacker can exploit them. Kudos there!

Saryu Nayyar, CEO
December 2, 2020 12:14 pm

Attackers are constantly evolving their methods, often incorporating exploits shortly after they’re revealed. The exploit DarkIRC bot is now leveraging (CVE-2020-14882) against Oracle WebLogic was corrected in October 2020 after being revealed 4 months earlier in June. While the patch has been out for a month, that is not actually that long given normal maintenance and patch cycles. However, it points to an ongoing issue in our ability to keep our systems up to date and get vital security patches in place quickly. Security analytics tools can help us identify where patches need to go in and recognize attacks when they take place, but we still need to improve our maintenance processes to reduce our risk from known vulnerabilities.
