The security landscape is being hit from all vectors, expanding the attack surface dramatically. Other trends such as cloud migrations and work-from-home mandates due to Covid-19 have opened new opportunities for nefarious conduct. Today's cyber security is a multi-layered strategy, and so is the RidgeBot® approach. RidgeBot® auto-discovers assets, scans them, and then exploits the vulnerabilities found just as a hacker would. Armed with the detailed and accurate reports generated by RidgeBot®, security admins can quickly and proactively close the vulnerabilities in their network and on their critical assets.
More recently, Ransomware as a Service (RaaS) and Bitcoin payments have become the sophisticated tools du jour. The latest release of RidgeBot® features a new template specifically focused on combating ransomware attacks.
The RidgeBot® 3.2 ransomware template includes scanning and exploitation for the following classes of vulnerabilities:
- Remote Code/Command Execution (RCE), such as Eternal Blue or Struts2.
  - For Eternal Blue exploits, RidgeBot® gains control of the host shell of the compromised device and can issue commands from that shell.
  - For Struts2 exploits, RidgeBot® can list the file directory of the target host, showing that the target was entered and that its file directory is visible to RidgeBot®.
- Weak Password and Credential Stuffing. We are all familiar with passwords being rejected because they look too easy or too familiar. And yet there are numerous known vulnerabilities in the industry related to weak passwords or credential disclosure, including those associated with SSH, Redis, SQL Server, SMB and Microsoft Remote Desktop Server. RidgeBot® identifies these instances as vulnerabilities.
Server Message Block (SMB) is the Internet standard protocol Windows uses to share files, printers, and serial ports. In a networked environment, servers make file systems and resources available to clients. RidgeBot® 3.2 can identify and exploit SMB weak credentials as well as exploit Eternal Blue, the famous SMB vulnerability that caused the rampage of the WannaCry ransomware attack.
- WebLogic and Other File Uploads: File upload vulnerabilities use uploaded files to plant malicious code that triggers RCE on the target platform. They cover both local and remote file uploads and include these vulnerabilities:
  - Apache Tomcat PUT Method Write File (CVE-2017-12615)
  - WebLogic Service Test Configuration Page Has Arbitrary File Upload (CVE-2018-2894)
  - WebLogic XML Decoder Deserialization (CVE-2017-10271)
  - Apache ActiveMQ Arbitrary File Writing (CVE-2016-3088)
For an in-depth look, read the full article on RidgeBot® here.