
IBM File Sharing Software Exploited by Hackers for Ransomware Attacks

IBM’s Aspera Faspex file transfer software is being exploited by ransomware groups to target businesses. The software is popular for its quick and secure transfer of large files. However, security experts warn that a flaw in unpatched versions of the software, identified as CVE-2022-47986, is being actively exploited by hackers to bypass authentication and remotely execute code.

Vulnerability Exploited by Ransomware Groups

Although IBM fixed the flaw on December 8, 2022, it did not immediately disclose the vulnerability. The flaw was only detailed in a security advisory released on January 26, 2023, which warned that the vulnerability could allow a remote attacker to execute arbitrary code on the system. The flaw has a high score of 9.8 on the Common Vulnerability Scoring System (CVSS) scale.

The Shadowserver malicious activity tracking group issued a warning on February 13, 2023, after observing active attempts to exploit the flaw in vulnerable versions of Aspera Faspex. Software developer Raphael Mendonça reported on February 16, 2023, that a group called BuhtiRansom had encrypted several vulnerable servers.

BuhtiRansom is a new ransomware group that uses ransomware written in the Go language to infect Linux systems. Victims are directed to pay the ransom through SatoshiDisk.com, a Bitcoin payment site hosted on a Cloudflare IP. The Unit 42 threat intelligence group at Palo Alto Networks identified BuhtiRansom and reported its ransomware activity.

Targeting File Transfer Software

Ransomware groups have targeted file transfer software or devices in the past to launch attacks. The Clop group has claimed responsibility for a recent large-scale attack campaign against users of GoAnywhere MFT, Fortra’s widely used file transfer software. The group exploited a zero-day vulnerability to target victims who had yet to patch the flaw, and it has claimed over 130 victims so far.

IBM urges users of Aspera Faspex to update their software to the latest version to address the vulnerability and prevent exploitation by hackers. Users should also implement multi-factor authentication and monitor their networks for any signs of unauthorized access.

About Author
editorialteam