Microsoft and SysAid Find Clop Malware Vulnerability
SysAid has patched a zero-day vulnerability that could allow attackers to exfiltrate data and launch ransomware.
On Nov. 8, SysAid, an Israel-based IT service management software company, reported a potentially exploited zero-day vulnerability in their on-premises software. Users of their on-premises server installations were encouraged to run version 23.3.36, which contained a fix. Microsoft Threat Intelligence analyzed the threat and found that Lace Tempest had exploited it.
The vulnerability was exploited by the threat group Lace Tempest, which distributes the Clop malware, Microsoft Threat Intelligence said on Nov. 8 on X (formerly Twitter). The Microsoft security experts wrote, in part, “…Lace Tempest will likely use their access to exfiltrate data and deploy Clop ransomware.”
The ultimate goal of attacks like this is often lateral movement through the network, data theft and ransomware deployment.
After discovering the potential vulnerability on Nov. 2, SysAid called in Israel-based rapid incident response company Profero, which discovered the details of the vulnerability. Profero found that the attacker used a path traversal vulnerability to upload a WAR archive containing a WebShell and other payloads into the SysAid Tomcat web service’s webroot. From there, Lace Tempest delivered a malware loader for the Gracewire malware.
This vulnerability was recorded by MITRE as CVE-2023-47246.
SysAid provided a list of indicators of compromise and steps to take in its blog post about this vulnerability. To protect your organization against this malware, SysAid emphasized the importance of downloading the patch. Organizations should review what information may have been stored within their SysAid server that might be appealing to attackers and check the server's activity logs for unauthorized behavior. Other recommended actions include updating SysAid systems and conducting a thorough compromise assessment of your SysAid server.
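As an added, defender-side example that is not code from SysAid, Profero or Microsoft, the following Python script illustrates two of the checks described above: reviewing Tomcat access logs for path-traversal sequences (including double-encoded ones) and listing WAR files in the webroot that are not part of a known baseline. The log lines, paths, query parameters and directory listing are constructed placeholders, not real SysAid endpoints or published indicators.

```python
import re
from urllib.parse import unquote
# Constructed sample Tomcat access-log lines (common log format). Hosts, paths and
# query parameters are placeholders for illustration, not real SysAid endpoints.
SAMPLE_ACCESS_LOG = """\
10.0.0.5 - - [08/Nov/2023:10:01:02 +0000] "GET /sysaid/Login.jsp HTTP/1.1" 200 5120
10.0.0.9 - - [08/Nov/2023:10:05:17 +0000] "POST /sysaid/upload?name=..%252F..%252Fwebapps%252Fx.war HTTP/1.1" 200 12
10.0.0.9 - - [08/Nov/2023:10:05:30 +0000] "GET /sysaid/help?page=..\\..\\conf\\server.xml HTTP/1.1" 200 48
10.0.0.7 - - [08/Nov/2023:10:06:00 +0000] "GET /sysaid/static/app.css HTTP/1.1" 200 900
"""

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*"')
TRAVERSAL_RE = re.compile(r"\.\.[/\\]")  # coarse signal: a '..' segment followed by a separator

def fully_decode(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded sequences such as %252e are caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(target: str) -> bool:
    """True if the request-target (path or query) contains '../' or '..\\' after decoding."""
    return TRAVERSAL_RE.search(fully_decode(target)) is not None

def flag_traversal_requests(log_text: str) -> list[tuple[str, str]]:
    """Return (client_ip, decoded_target) for each line that looks like a traversal attempt."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting a bulk review
        if has_traversal(m.group("target")):
            hits.append((m.group(1), fully_decode(m.group("target"))))
    return hits

def unexpected_wars(webapps_listing: list[str], baseline: set[str]) -> list[str]:
    """Return .war files in the Tomcat webapps directory that are not in the known baseline."""
    return sorted(n for n in webapps_listing if n.lower().endswith(".war") and n not in baseline)

SAMPLE_WEBAPPS = ["ROOT", "sysaid.war", "sysaid", "x.war", "manager"]  # constructed listing
KNOWN_BASELINE = {"sysaid.war"}  # constructed baseline; "x.war" stands in for a dropped archive
if __name__ == "__main__":
    for ip, target in flag_traversal_requests(SAMPLE_ACCESS_LOG):
        print(f"possible traversal from {ip}: {target}")
    for war in unexpected_wars(SAMPLE_WEBAPPS, KNOWN_BASELINE):
        print(f"unexpected WAR in webroot: {war}")
```

A real deployment would feed the actual access logs and a directory listing of the Tomcat webroot into these functions and compare the WAR list against a baseline captured from a known-good install.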
The Clop ransomware delivered by attackers to SysAid on-prem software through the path traversal vulnerability first appeared in 2019. Clop malware is associated with a Russian-aligned threat actor group known by the same name, which Microsoft says has “overlaps” with Lace Tempest. In June 2023, Microsoft found Lace Tempest running the extortion site that uses Clop malware.
The Clop ransomware group has claimed responsibility for several major attacks in 2023. In June, they threatened to expose data from British Airways, BBC and the British retailer Boots. They were also allegedly behind the MOVEit Transfer ransomware attack in June.