Microsoft Claims Hackers Use Obsolete Boa Software to Hijack Electrical Infrastructure

Microsoft has issued a warning that cybercriminals are using an outdated web server in widespread internet of things (IoT) devices to attack enterprises in the energy industry.

Discovery of Security Flaws

According to a recent TechCrunch report, Microsoft researchers said in a blog post on Tuesday, Nov. 22, that they had found a security flaw in the Boa software, which is still extensively used in devices such as routers and security cameras. It is also still included in many popular software development kits (SDKs) despite being officially discontinued in 2005.

It was discovered by the tech giant while looking into a possible incursion into the Indian power grid via IoT devices by Chinese state-sponsored attackers, as reported by Recorded Future in April. 

Operational technology (OT) networks are used to monitor and control physical industrial equipment.

Microsoft warned about the supply chain risk that may impact millions of organizations and devices stemming from the discovery of one million internet-exposed Boa server components worldwide over the course of a week.

The tech firm noted that it continues to witness attackers trying to exploit Boa issues, which include a high-severity information disclosure bug (CVE-2021-33558) and another arbitrary file access vulnerability (CVE-2017-9833).

Microsoft warned that attackers could have a far bigger effect if they were able to exploit the known security flaws in such components, both to gather information about network assets before launching attacks and to gain unauthorized access to a network by obtaining legitimate credentials.


Tata Power Breach

The last incident Microsoft noticed occurred in October when Tata Power was breached, according to reports. 

The Hive ransomware gang exposed confidential personnel information, engineering drawings, financial and banking records, customer data, and certain private keys that had been taken from the Indian energy giant as a consequence of this incident.

The Hive ransomware group has apparently been active since 2021. Organizations in the healthcare, energy, and retail industries, where downtime costs are significant, have allegedly been targets.

“Microsoft continues to see attackers attempting to exploit Boa vulnerabilities beyond the timeframe of the released report, indicating that it is still targeted as an attack vector,” said the tech giant.

Experts’ Tips

Microsoft has issued an advisory that it is impossible to mitigate these Boa vulnerabilities owing to the continuous popularity of the now-defunct web server and the complexity with which it is integrated into the IoT device supply chain. 

Organizations and network administrators should apply patches to vulnerable devices whenever feasible, locate devices with susceptible components, and set up detection rules to spot malicious activities, as suggested by Microsoft.
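One way to approach the "locate devices with susceptible components" step, as an added example that is not from Microsoft or the original article: it checks HTTP responses already collected from your own asset inventory for the `Server` header that Boa sends. The addresses, sample responses and function names are constructed for illustration.

```python
import re

# Boa identifies itself in the HTTP Server response header, e.g. "Boa/0.94.13".
# Word boundaries avoid false hits on unrelated product names containing "boa".
BOA_TOKEN = re.compile(r"\bboa\b(?:/(?P<version>[^\s;,()]+))?", re.IGNORECASE)

def server_header(raw_response: bytes):
    """Return the Server header value from a raw HTTP response, or None."""
    # Keep only the header block; embedded devices often use bare LF endings.
    head = raw_response.split(b"\r\n\r\n", 1)[0].split(b"\n\n", 1)[0]
    lines = head.decode("latin-1").splitlines()
    for line in lines[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            return value.strip()
    return None

def find_boa_assets(inventory):
    """inventory maps asset -> raw response bytes; returns sorted (asset, version)."""
    hits = []
    for asset, raw in inventory.items():
        value = server_header(raw)
        if value is None:
            continue  # no Server header: inconclusive, not proof of absence
        match = BOA_TOKEN.search(value)
        if match:
            hits.append((asset, match.group("version") or "unknown"))
    return sorted(hits)

# Constructed sample responses (RFC 5737 documentation addresses).
SAMPLE_INVENTORY = {
    "192.0.2.10": b"HTTP/1.1 200 OK\r\nServer: Boa/0.94.13\r\n"
                  b"Content-Type: text/html\r\n\r\n<html></html>",
    "192.0.2.11": b"HTTP/1.0 401 Unauthorized\nserver: boa/0.94.14rc21\n"
                  b"WWW-Authenticate: Basic realm=\"cam\"\n\n",
    "192.0.2.12": b"HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n",
    "192.0.2.13": b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n",
    # Header without a version; the body text must not be parsed as a header.
    "192.0.2.14": b"HTTP/1.1 200 OK\r\nServer: Boa\r\n\r\nServer: Boa/9.9",
}

if __name__ == "__main__":
    for asset, version in find_boa_assets(SAMPLE_INVENTORY):
        print(f"{asset}\tBoa {version}\tunmaintained since 2005, review exposure")
```

Firmware can suppress or rewrite the `Server` header, so a clean result here narrows the search rather than clearing a device; vendor firmware and SDK inventories are still needed.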

The security of widely used network components is once again brought to light by Microsoft’s warning. 

According to TechCrunch, last year, a zero-day flaw called Log4Shell was discovered in the open-source Apache logging library Log4j, which may have impacted up to three billion devices.


This article is owned by Tech Times

Written by Trisha Kae Andrada

ⓒ 2022 All rights reserved. Do not reproduce without permission.
