
Threat actors can exploit Spring4Shell to launch botnets that target cloud-based IoT systems

A CCTV camera in Pancras Square near Kings Cross Station on August 16, 2019 in London, England. CCTV cameras using facial-recognition systems at King’s Cross are to be investigated by the UK’s data-protection watchdog after a report by the Financial Times. (Photo by Dan Kitwood/Getty Images)

Researchers on Friday reported active exploitation of the Spring4Shell vulnerability that allows threat actors to weaponize and execute the Mirai botnet malware, which tends to launch DDoS attacks on cloud-based IoT systems such as security cameras, agricultural systems, medical devices, and vehicles.

In a blog post, Trend Micro researchers said malicious actors were executing the Mirai botnet malware primarily in the Singapore region. The researchers said they saw the exploitation of CVE-2022-22965 at the start of April 2022.

The researchers say the RCE vulnerability gives threat actors full access to compromised devices, making it a dangerous and critical vulnerability. Spring has released patches for this vulnerability, with complete details in its advisory.
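Parkin's point below is that an organization is responsible for the vulnerable software it deploys, and the first step is knowing whether a build pulls in an unpatched Spring Framework release. The following is an added example, not code from the article, Trend Micro or the Spring project: it reads a Maven `pom.xml`, resolves `${property}` version references, and flags every `org.springframework` dependency whose version is below a caller-supplied patched floor. The floor values, the sample `pom.xml` and the `find_vulnerable`/`parse_version` names are constructed for this illustration; the real minimum patched versions for CVE-2022-22965 must be taken from Spring's advisory.

```python
import re
import xml.etree.ElementTree as ET

# Example thresholds only: the first patched release per major.minor line.
# Assumption for this example; confirm against Spring's advisory before relying on it.
SAMPLE_FIXED_FLOOR = {"5.3": (5, 3, 18), "5.2": (5, 2, 20)}

# Constructed sample pom.xml with one dependency resolved through a property.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><spring.version>5.3.17</spring.version></properties>
  <dependencies>
    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-webmvc</artifactId>
      <version>${spring.version}</version>
    </dependency>
    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-beans</artifactId>
      <version>5.3.18</version>
    </dependency>
    <dependency>
      <groupId>com.example</groupId>
      <artifactId>other-lib</artifactId>
      <version>1.0</version>
    </dependency>
  </dependencies>
</project>"""


def parse_version(version):
    """Turn '5.3.17' or '5.3.17.RELEASE' into a comparable tuple such as (5, 3, 17)."""
    nums = re.findall(r"\d+", version)
    return tuple(int(n) for n in nums[:3]) if len(nums) >= 3 else None


def find_vulnerable(pom_xml, fixed_floor):
    """Return [(artifactId, version)] for org.springframework dependencies that are
    below the patched floor for their release line, on an unlisted (unpatched) line,
    or whose version cannot be resolved and therefore cannot be proven fixed."""
    root = ET.fromstring(pom_xml)
    # Maven POMs carry a default XML namespace; keep it as a prefix for tag lookups.
    ns = root.tag.partition("}")[0] + "}" if root.tag.startswith("{") else ""

    # Collect <properties> so ${spring.version}-style references can be resolved.
    props = {}
    for props_el in root.iter(f"{ns}properties"):
        for p in props_el:
            props[p.tag.replace(ns, "")] = (p.text or "").strip()

    findings = []
    for dep in root.iter(f"{ns}dependency"):
        group = (dep.findtext(f"{ns}groupId", "") or "").strip()
        artifact = (dep.findtext(f"{ns}artifactId", "") or "").strip()
        version = (dep.findtext(f"{ns}version", "") or "").strip()
        if group != "org.springframework":
            continue
        ref = re.fullmatch(r"\$\{(.+)\}", version)
        if ref:
            version = props.get(ref.group(1), "")
        parsed = parse_version(version)
        if parsed is None:
            # Unresolved or oddly formatted version: treat as unverified, not as safe.
            findings.append((artifact, version or "<unresolved>"))
            continue
        line = f"{parsed[0]}.{parsed[1]}"
        floor = fixed_floor.get(line)
        if floor is None or parsed < floor:
            findings.append((artifact, version))
    return findings


if __name__ == "__main__":
    for artifact, version in find_vulnerable(SAMPLE_POM, SAMPLE_FIXED_FLOOR):
        print(f"needs patching: {artifact} {version}")
```

The check is deliberately conservative: a version it cannot resolve is reported rather than ignored, and a release line absent from the floor table is reported as well, since an end-of-life line has no patched release to compare against. It inspects declared coordinates only; transitive dependencies and the deployment conditions Spring lists in its advisory still need a full dependency tree or a runtime check.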

The industry had expected to see threat actors leverage the Spring4Shell vulnerability since it was announced, and Trend Micro’s research proves this out, said Mike Parkin, senior technical engineer at Vulcan Cyber. Parkin said thus far, Spring4Shell hasn’t blown up into a massive issue, but it still has the potential to become a higher-profile problem.

“It also reinforces the ‘you are responsible for your own applications’ security structure in the cloud,” Parkin said. “Cloud vendors usually do an excellent job securing their platforms, however, if you deploy vulnerable software, then it’s your responsibility to fix it, not theirs.”

Davis McCarthy, principal security researcher at Valtix, added that organizations lack visibility into the security events that impact their cloud workloads and services, whether from the rapid migration to the cloud, or the technical debt that comes with it.

“Threat actors know they can target cloud infrastructure and spread crypto-mining/DDoS botnets, like Mirai, without being detected,” McCarthy said. “Spring4Shell shows us that cloud applications need proactive defense capabilities, especially when the zero-day allows full access to the vulnerable host.”

Chris Olson, CEO at The Media Trust, said that in the face of Log4Shell, many organizations rolled out patches to protect their internal systems and consumer-facing services.

“But the emergence of Spring4Shell reminds us that patching is only a temporary fix: as long as organizations are depending on third-party assets for website, app and back-end development, they must exercise continual vigilance and monitoring to protect their users,” Olson said.
