DarkIRC Bot Hits Oracle WebLogic vuln, Steals Bitcoin, Hijacks Browsers – Experts Perspective

In response to new research showing that the DarkIRC bot exploits a recent Oracle WebLogic vulnerability to drop attacks such as a browser stealer, a keylogger, a Bitcoin Clipper, a worm and other threats, cybersecurity experts offer their perspective below.

Experts' Comments

December 02, 2020
Chloé Messdaghi
VP of Strategy
Point3 Security
The fix for this vulnerability was issued two months ago and updated last month. We don’t know if the persons who started advertising this in Aug 2020 used it at some point, but it’s certainly possible. This is why updating and patching is so important, and why reliance on vulnerability scanners alone is a poor strategy. It’s important that security team members have input into patch prioritization, and that organizations look seriously at exactly how their patch priorities are set. Are they the head of IT or security? By team decision? The real question here is: why doesn't something get patched right away? What are the reasons for an outstanding vulnerability to linger? It’s discouraging that recently CISA needed to issue a warning asking companies to implement patches that in some cases had been available for over a year. Also, it’s good to see that more researchers are careful to use the term “attacker” for those who launch or enable attacks, recognizing the difference between those threat actors and the hacker community, which discovers and generally attempts to disclose vulnerabilities before an attacker can exploit them. Kudos there!
December 02, 2020
Saryu Nayyar
CEO
Gurucul
Attackers are constantly evolving their methods, often incorporating exploits shortly after they're revealed. The exploit DarkIRC bot is now leveraging (CVE-2020-14882) against Oracle WebLogic was corrected in October 2020 after being revealed 4 months earlier in June. While the patch has been out for a month, that is not actually that long given normal maintenance and patch cycles. However, it points to an ongoing issue in our ability to keep our systems up to date and get vital security patches in place quickly. Security analytics tools can help us identify where patches need to go in and recognize attacks when they take place, but we still need to improve our maintenance processes to reduce our risk from known vulnerabilities.