HomeSecurity ArchitectureJetBrains TeamCity faces ransomware threat following data breach • The Register

JetBrains TeamCity faces ransomware threat following data breach • The Register

Published on

spot_img

Security researchers have detected emerging exploit attempts that are taking advantage of the latest vulnerabilities in JetBrains’ TeamCity software, with some incidents resulting in the deployment of ransomware.

According to Brody Nisbet, the director of threat hunting operations at CrowdStrike, telemetry data has indicated ongoing attacks that involve the use of a suspected modified version of the Jasmin ransomware. Jasmin, originally an open source red teaming tool designed to simulate ransomware attacks, has been previously altered for malicious purposes, such as the case of the GoodWill ransomware variant in 2022.

The GoodWill ransomware variant deviated from traditional ransomware tactics by demanding victims to perform acts of goodwill, such as donating to charities, instead of requesting monetary payments. Now, security experts are warning of active exploitation of two vulnerabilities in TeamCity, one critical and one high-severity, with reports of attacks already occurring in the wild.

Christiaan Beek, the senior director of threat analytics at Rapid7, has confirmed the exploitation of these vulnerabilities, with the most severe one, CVE-2024-27198, being exploited on a large scale. Attackers are infiltrating CI/CD servers, creating numerous accounts for future use, and registering usernames consisting of random alphanumeric characters. This situation raises concerns about compromised TeamCity instances and the potential for further cyberattacks.

Internet monitoring data from Shadowserver reveals that there are still 1,182 TeamCity servers exposed to the internet and vulnerable to these security flaws. The United States and Germany host the majority of these vulnerable servers, indicating a widespread risk of exploitation.

To address these vulnerabilities, users running on-premises versions of TeamCity prior to 2023.11.4 are strongly advised to apply the necessary patches promptly. The ease of exploitation and the possibility of software supply chain attacks underscore the urgent need for mitigation efforts.

The disclosure of these vulnerabilities has sparked a debate within the cybersecurity community, particularly regarding the handling of vulnerability disclosure between JetBrains and Rapid7. JetBrains opted for a coordinated approach, intending to release patches to customers before making detailed vulnerabilities public, while Rapid7 favored immediate disclosure for transparency.

The disagreement between the two parties led to Rapid7 publishing a disclosure timeline that highlighted their differing disclosure policies. JetBrains defended their decision, emphasizing their commitment to customer protection, while Rapid7 believed in the importance of transparency and timely information sharing.

Despite the conflicting approaches, both JetBrains and Rapid7 share the goal of safeguarding users against cyber threats. It is essential for organizations to stay informed about security updates and prioritize patching to defend against potential attacks exploiting TeamCity vulnerabilities.

Source link

Latest articles

Attackers Abuse Google Ad Feature to Target Slack, Notion Users

 Attackers are once again abusing Google Ads to target people with info-stealing malware, this time...

Hackers allege to have infiltrated computer network of Israeli nuclear facility

An Iran-linked hacking group has declared that they successfully breached the computer network of...

Hacker allegedly uses white-hat approach to exploit crypto game for $4.6M

In a surprising turn of events, the food-themed crypto game Super Sushi Samurai fell...

Reducing Threats from the IABs Market

As ransomware attacks continue to escalate in frequency and severity, one of the key...

More like this

Attackers Abuse Google Ad Feature to Target Slack, Notion Users

 Attackers are once again abusing Google Ads to target people with info-stealing malware, this time...

Hackers allege to have infiltrated computer network of Israeli nuclear facility

An Iran-linked hacking group has declared that they successfully breached the computer network of...

Hacker allegedly uses white-hat approach to exploit crypto game for $4.6M

In a surprising turn of events, the food-themed crypto game Super Sushi Samurai fell...
en_USEnglish