IT Services Toronto Encourage Updates of Software after 3.2 Million Computers Put at Risk
According to the Talos Group, owned by Cisco, hackers have been exploiting outdated copies of JBoss by Red Hat. This has resulted in backdoors, in the form of webshells, being installed on 2,100 servers over 1,600 networks, putting more than 3 million servers at risk.
Talos tells us that the backdoors include "mela", "shellinvoker", "jbossinvoker", "zecmd", "cmd", "genesis", "sh3ll" and possibly "Inovkermngrt" and "jbot".
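A defender can sweep a server's deployment tree for the names Talos lists. The script below is an added example, not code from Talos or Red Hat; it assumes a webshell appears as a `.war` archive, a `.jsp` page or an exploded directory carrying one of those names, and the sample tree it builds is constructed for the dry run.

```python
import os
import sys
import tempfile

# Names reported by Talos, as listed above; the last two are the "possibly" entries.
WEBSHELL_NAMES = {"mela", "shellinvoker", "jbossinvoker", "zecmd", "cmd",
                  "genesis", "sh3ll", "inovkermngrt", "jbot"}
# Assumption: a webshell shows up as a deployed archive, a JSP page or a bare directory.
SUSPECT_EXTS = {".war", ".jsp", ""}


def find_suspect_entries(root):
    """Return sorted relative paths whose base name exactly matches a reported name."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for entry in dirnames + filenames:
            stem, ext = os.path.splitext(entry.lower())
            # Exact stem match only: substring matching on "cmd" would flag
            # legitimate files such as commands.jsp or cmdline.jar.
            if stem in WEBSHELL_NAMES and ext in SUSPECT_EXTS:
                rel = os.path.relpath(os.path.join(dirpath, entry), root)
                hits.append(rel.replace(os.sep, "/"))
    return sorted(hits)


def build_sample_tree(root):
    """Constructed sample layout (not a real JBoss install) for a dry run."""
    for rel in ("deploy/jbossinvoker.war/index.jsp", "deploy/app.war/cmd.jsp",
                "deploy/app.war/commands.jsp", "deploy/Sh3ll.war/x.jsp",
                "deploy/library.war/genesis.txt", "lib/cmdline.jar"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


def demo():
    """Scan the constructed tree and return the flagged paths."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return find_suspect_entries(tmp)


if __name__ == "__main__":
    # Pass a directory to scan it; with no argument, run against the sample tree.
    results = find_suspect_entries(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for hit in results:
        print("SUSPECT:", hit)
```

A name match is only a triage lead that needs manual review, and a clean result does not show that a server is uncompromised, since a backdoor can be deployed under any name.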
JBoss is an enterprise server that allows data, devices, and servers to work across platforms. Up-to-date versions of this software that are professionally installed and maintained are secure and safe to use. However, out-of-date and unmanaged copies are certainly a risk and could be affecting some organizations' Toronto IT services.
The most unfortunate part of this cyber-attack is that it has been targeting schools, universities, and government departments running “Destiny”. Destiny is a library management product of Follett and is used in schools across North America. Destiny is a trusted product and even has users within the GTA. Follett, to their credit, has been on top of the situation and has developed a patch to fix the intrusion/backdoor issue.
Of particular concern to IT services Toronto is that criminals may use (and have used) these webshell backdoors to extort the owners of the infected servers with a new variety of ransomware named Samsam. Because the backdoors are on the servers themselves, the risk of serious and sensitive data exposure is high.
This is just one example of vulnerabilities being exposed by technical opportunists, and trends show that there will be many more to come. When it comes to reputable IT services Toronto, firms such as {company} recommend the following to protect yourself and your infrastructure against backdoor installation by criminals:
- Install all updates and patches
- Have your system professionally and remotely monitored for intrusions
- Have a redundant backup system in place
- Install, update, and run a reputable antivirus
- Remove external access until problem is resolved
- Reimage the system
- Install updated software versions and patches
- Install and maintain a reputable antivirus