According to Cisco's Talos security research group, attackers have been exploiting outdated installations of Red Hat's JBoss application server. Talos found roughly 2,100 backdoors, in the form of webshells, installed across about 1,600 IP addresses, and its scans turned up some 3.2 million Internet-facing machines running vulnerable versions of JBoss.
Talos reports that the webshells found on compromised hosts carry the names "mela", "shellinvoker", "jbossinvoker", "zecmd", "cmd", "genesis" and "sh3ll", and possibly "Inovkermngrt" and "jbot".
JBoss is Red Hat's Java application server: middleware on which business applications are deployed and made available over the web, independent of the underlying platform. Current, patched and professionally maintained versions are not the problem. Out-of-date, unmanaged copies certainly are, and there are bound to be some running in organizations in the Toronto area.
The most unfortunate part of this attack is that it has been hitting schools, universities and government departments running "Destiny". Destiny is a library management product from Follett, used in schools across North America, including some in the GTA. Follett, to its credit, has been on top of the situation and has released a patch for affected Destiny installations.
Of particular concern is that criminals have used these webshell backdoors to extort the owners of infected servers with a ransomware strain known as SamSam. Because the backdoor sits on the server itself and gives the attacker command execution on it, the risk of serious exposure of sensitive data is high.
This is just one example of opportunistic attackers exploiting unpatched software, and the trend indicates there will be many more to come. Reputable IT services firms in the Toronto area, such as PACE Technical Services, recommend the following to protect your infrastructure against the installation of backdoors by criminals:
- Install all software updates and security patches promptly
- Have your systems professionally and remotely monitored for intrusions
- Keep a redundant backup system in place, and test that you can restore from it
- Install, update and run a reputable antivirus product
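A concrete check to go with the monitoring advice above: the webshell names Talos published can be searched for directly on a JBoss host. The following script is an added example written for this page, not code from Talos, Red Hat or Follett. It walks a JBoss deployment directory (the path is an assumption; the default `deploy` directory varies by JBoss version) and reports any deployed artifact whose name matches one of the published webshell names, whether it was dropped as a bare JSP page, a packed `.war`, or an exploded directory. The sample deployment tree it builds is constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path

# Webshell names reported by Talos, as listed in the article above.
# "inovkermngrt" and "jbot" were flagged by Talos as possible names.
TALOS_WEBSHELL_NAMES = (
    "mela", "shellinvoker", "jbossinvoker", "zecmd", "cmd", "genesis",
    "sh3ll", "inovkermngrt", "jbot",
)

# Forms in which a webshell shows up in a JBoss deployment tree: an
# exploded directory or bare name (no suffix), a packed archive, or a
# single JSP page. Anything else (e.g. "genesis.war.bak") is ignored.
SUSPECT_SUFFIXES = ("", ".war", ".jsp", ".jar", ".ear")


def is_suspect_name(filename: str, names=TALOS_WEBSHELL_NAMES) -> bool:
    """True if the basename matches a known webshell name, ignoring case.

    Note: a legitimate application that happens to be called "cmd" would
    also match; treat hits as leads for investigation, not proof.
    """
    stem, ext = os.path.splitext(filename.lower())
    if ext not in SUSPECT_SUFFIXES:
        return False
    return stem in names


def find_webshells(root: str, names=TALOS_WEBSHELL_NAMES) -> list:
    """Walk the deployment tree under `root` and return the paths (relative
    to root, sorted) of files or directories matching a webshell name."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for entry in dirnames + filenames:
            if is_suspect_name(entry, names):
                hits.append(os.path.relpath(os.path.join(dirpath, entry), root))
    return sorted(hits)


def build_sample_tree() -> str:
    """Constructed sample 'deploy' tree (not a real capture): two legitimate
    applications plus three planted webshells. Returns the root path."""
    root = tempfile.mkdtemp(prefix="jboss-deploy-")
    # Legitimate deployments (hypothetical names for the demonstration).
    os.makedirs(os.path.join(root, "destiny.war", "WEB-INF"))
    Path(root, "destiny.war", "index.jsp").write_text("<html>ok</html>")
    os.makedirs(os.path.join(root, "jmx-console.war"))
    # Planted webshells in the three forms the scanner understands.
    os.makedirs(os.path.join(root, "jbossinvoker.war"))        # exploded archive
    Path(root, "jbossinvoker.war", "index.jsp").write_text("<% %>")
    Path(root, "zecmd.jsp").write_text("<%@ page import='java.io.*' %>")  # bare JSP
    os.makedirs(os.path.join(root, "mela"))                    # bare directory
    return root


if __name__ == "__main__":
    # On a real host, point this at the JBoss deploy directory instead,
    # e.g. find_webshells("/opt/jboss/server/default/deploy") (assumed path).
    sample_root = build_sample_tree()
    for hit in find_webshells(sample_root):
        print("suspect deployment:", hit)
```

Run it against every deployment directory the server uses, not just the default one, and remember that a clean result only means none of the published names are present; an attacker can rename a webshell, so this complements monitoring rather than replacing it.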
If your system has already been compromised, the following steps are in order:
- Remove external access until the problem is resolved
- Reimage the system rather than trying to delete the webshells in place; a host an attacker has had command execution on cannot be trusted after a partial clean-up
- Install updated software versions and patches before putting it back online
- Install and maintain a reputable antivirus product
If you cannot reimage the system (or all of it), restore what you can from a known-good backup and upgrade your software.
Does your Toronto area business have a partnership with an IT services firm that understands your needs and the threats facing your business? PACE Technical Services works with many small to mid-size businesses just like yours! Give us a call today at 905.763.7896 Ext. 214 or send an email to firstname.lastname@example.org. We’d be happy to answer your cyber-security questions.