January 12, 2018

Oracle WebLogic Vulnerability Being Exploited by Bitcoin Miners

In October 2017, Oracle disclosed CVE-2017-10271, a critical vulnerability in WebLogic’s Java-based ‘WLS Security’ component. A patch was released to address the issue.

It’s been widely reported that Bitcoin miners have been exploiting this vulnerability to gain access to and compromise systems. Actors have been targeting a large number of WebLogic servers hosted on public cloud servers. Ports scanned by threat actors include TCP/80, 443, 7001, 8080, 8888 and 9000.

Vulnerable systems attacked recently have commonly had the following versions installed:

  • 10.3.6.0.0
  • 12.1.3.0.0
  • 12.2.1.1.0
  • 12.2.1.2.0

Recommendations:

  • Update to 12.2.1.3 or higher.
  • Modify firewall rules to block outbound/inbound connections to ports that are not being used by the WebLogic server.
  • Block the IoCs listed in the REN-ISAC advisory report and SANS ISC InfoSec forum post on the firewall and/or IPS. 
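As an added example (not part of the original advisory), the following script triages a WebLogic inventory against the versions, ports and upgrade target listed above. The inventory format, host names and the "high"/"medium"/"unknown" priority labels are assumptions made for illustration.

```python
# Added example: triage a WebLogic inventory against this advisory.
# Inventory format, host names and priority labels are constructed/assumed.
SCANNED_PORTS = {80, 443, 7001, 8080, 8888, 9000}  # ports the advisory says are scanned
FIXED = (12, 2, 1, 3, 0)                           # "Update to 12.2.1.3 or higher"

# Constructed sample: host, WebLogic version, listening TCP ports, internet-facing?
SAMPLE_INVENTORY = """\
# host          version      ports            public
wl-prod-01      12.2.1.2.0   7001,8080        yes
wl-prod-02      12.2.1.3.0   7001             yes
wl-legacy-01    10.3.6.0.0   7001,9000,5556   no
wl-dev-01       12.2.1.0.0   8888             yes
wl-broken-01    unknown      7001             yes
"""

def parse_version(text):
    """Return a 5-part integer tuple (zero-padded), or None if unparseable."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts[:5]]
    return tuple(nums + [0] * (5 - len(nums)))

# Versions the advisory lists as commonly installed on attacked systems.
ATTACKED = {parse_version(v) for v in
            ("10.3.6.0.0", "12.1.3.0.0", "12.2.1.1.0", "12.2.1.2.0")}

def triage(inventory):
    """Return {host: (priority, scanned_ports_open, version_seen_in_attacks)}
    for every host below the fixed version or with an unreadable version."""
    findings = {}
    for raw in inventory.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        host, version, ports, public = line.split()
        ver = parse_version(version)
        exposed = sorted({int(p) for p in ports.split(",")} & SCANNED_PORTS)
        if ver is None:
            findings[host] = ("unknown", exposed, False)  # verify by hand
        elif ver < FIXED:
            # Internet-facing and listening on a scanned port: patch first.
            priority = "high" if public == "yes" and exposed else "medium"
            findings[host] = (priority, exposed, ver in ATTACKED)
    return findings

if __name__ == "__main__":
    for host, (prio, exposed, seen) in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {prio}, scanned ports open: {exposed}, seen in attacks: {seen}")
```

Hosts at or above the fixed version are omitted from the result; an "unknown" entry means the version string could not be parsed and the host needs a manual check.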

Sources:

Herjavec Group’s Incident Response Services team is actively helping customers deal with the identification and remediation of this exploit.

For more information, please connect with a Herjavec Group security specialist.


About Herjavec Group

Dynamic IT entrepreneur Robert Herjavec founded Herjavec Group in 2003 to provide cybersecurity products and services to enterprise organizations. Herjavec Group delivers SOC 2 Type 2 certified managed security services supported by state-of-the-art, PCI compliant, Security Operations Centers, operated 24/7/365 by certified security professionals. This expertise is coupled with leadership positions across a wide range of functions including consulting, professional services & incident response. Herjavec Group has offices globally including across the United States, the United Kingdom, and Canada. For more information, visit www.herjavecgroup.com.
