Barracuda examined a couple of the payloads supplied by malicious actors seeking to exploit CVE-2022-26134 in further depth in a subsequent Threat Spotlight.
Following the coordinated publication of a zero-day vulnerability in Atlassian Confluence by Volexity, now known as CVE-2022-26134, attackers rushed to exploit it.
Researchers at Barracuda, a trusted partner and top provider of cloud-first security solutions, have analysed data from its installations worldwide since the original disclosure and the subsequent publication of various proofs of concept, and have observed a large number of attempts to exploit this vulnerability.
The exploit attempts range from harmless reconnaissance to more complicated attempts to infect devices with DDoS botnet malware and cryptominers.
On June 2, information regarding CVE-2022-26134 was made public.
The vulnerability allows unauthenticated, remote attackers to establish new administrative accounts, execute privileged commands, and take control of the systems.
Atlassian Confluence is a solution for collaborative documentation.
Hostile actors quickly became aware of the vulnerability, and various threat actors exploited it over the ensuing weekend.
Initially, Barracuda researchers saw a steady flow of attacks attempting to exploit this vulnerability, with several significant spikes.
Through continuous monitoring of these attacks and their pattern, the researchers found that the overall volume dropped slightly in August, but attackers have not given up on trying to exploit this vulnerability.
Exploitation attempts originated mostly from IP addresses in Russia, followed by the United States, India, the Netherlands, and Germany.
Previous investigation revealed some of the payloads delivered as well as the sources of the attacks.
Tushar Richabadas, Senior Product Marketing Manager, Applications and Cloud Security, Barracuda, said: “There has been a consistent flow of attacks over time, and we anticipate that a large quantity of scanning and such attempts will continue for the time being. It’s crucial to take actions to secure your systems. Patching is a good idea right now, especially if the machine is connected to the internet. Putting a web application firewall in front of such systems will give comprehensive protection against zero-day attacks and other vulnerabilities.”