All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of March 28, 2022. I’ve also included some comments on these stories.

Muhstik Botnet Targeting Redis Servers Using Recently Disclosed Vulnerability

Muhstik, a botnet infamous for propagating via web application exploits, has been observed targeting Redis servers using a recently disclosed vulnerability in the database system, reports The Hacker News. The vulnerability relates to CVE-2022-0543, a Lua sandbox escape flaw in the open-source, in-memory, key-value data store that could be abused to achieve remote code execution on the underlying machine.

Andrew Swoboda | Senior Security Researcher at Tripwire

Redis servers are subject to a code execution vulnerability. CVE-2022-0543 relates to a Lua sandbox escape bypass. To exploit this issue, an attacker needs the ability to execute Lua scripts on a vulnerable system. This vulnerability has been used to fetch and execute botnet binaries. Once executed, an infected computer connects to an IRC server to receive commands.

FBI: 649 Ransomware Attacks Reported on Critical Infrastructure Organizations in 2021

The Federal Bureau of Investigation’s (FBI) Internet Crime Complaint Center (IC3) says it received 649 complaints of ransomware attacks targeting critical infrastructure organizations in 2021, noted Security Week. Ransomware attacks hit 14 out of 16 CNI sectors last year, with healthcare being impacted the most, the IC3 notes.

Dylan D’Silva | Security Researcher at Tripwire

Fourteen of the sixteen critical infrastructure sectors in the US last year were hit with ransomware. For those who are unaware of what they are, the sectors range from chemical to dams to healthcare, energy, and nuclear.

From a definition perspective, they include sectors whose assets, systems, and networks, whether physical or (Read more...)