
The 9.8 severity IBM file exchange problem is being used by ransomware criminals

Security researchers have warned that attackers are exploiting a significant flaw in an IBM file exchange application to breach servers and install ransomware.

Large enterprises use IBM Aspera Faspex, a centralized file-exchange application, to move very large files or large volumes of files at extremely fast speeds. Rather than relying on TCP-based technologies such as FTP, Aspera uses IBM's proprietary FASP (short for Fast, Adaptive, and Secure Protocol) to make better use of available network capacity. The software also offers fine-grained administration that lets users send files quickly and easily to multiple recipients via distribution lists, shared inboxes, or workgroups, giving transfers an email-like workflow.

Late in January, IBM advised customers to install an update to fix a significant vulnerability in Aspera versions 4.4.2 Patch Level 1 and earlier. The vulnerability, tracked as CVE-2022-47986, allows unauthenticated threat actors to execute malicious code remotely by making specially crafted calls to an obsolete programming interface. CVE-2022-47986 received a severity score of 9.8 out of 10 because of how easy it is to exploit and the harm it can cause.

On Tuesday, security researchers from Rapid7 said they had recently responded to an incident in which the vulnerability was used to compromise a customer.

Rapid7's researchers reported that the company is aware of at least one recent incident in which a customer's information was compromised using CVE-2022-47986.

"We strongly urge patching on an emergency basis, without waiting for a regular patch cycle to occur, given active exploitation and the fact that Aspera Faspex is typically deployed on the network perimeter."

Some researchers say the vulnerability is being used to install ransomware. For instance, SentinelOne researchers recently reported that the IceFire ransomware group was using CVE-2022-47986 to install a new Linux version of its file-encrypting malware. The gang had previously promoted only a Windows version that was installed through phishing emails. IceFire switched to the IBM vulnerability to spread its Linux version because phishing attacks are more difficult to carry out against Linux servers. Researchers also say the vulnerability is being used to install the Buhti ransomware.

As previously mentioned, IBM addressed the flaw in January. To be sure no one missed it, IBM reissued its warning earlier this month. See the posts from security companies Assetnote and Rapid7 to learn more about the vulnerability and how to prevent potential attacks against Aspera Faspex servers.

By Prelo Con
