By now you’ve probably heard about the massive cybersecurity vulnerability which has been circulating through the headlines. If not, allow us to summarize: hackers exploited a web plug-in called Apache Struts, a software toolkit that as many as 65% of Fortune 500 companies use for creating Java-based web applications which they run on their web servers.
If you’re concerned that you might be impacted by Struts, here’s what you need to know to protect your business.
Who is affected?
This security risk stems from a vulnerable web plug-in. Examples of the types of web applications that were running this plug-in include airline booking and internet banking systems, online shops and even discussion forums. Every version of Apache Struts developed since 2008 is vulnerable to exploitation.
What is at risk?
The Apache Struts vulnerability allows a hacker to enter your company web server by modifying just one line of code. They are then able to move in and out of every device in your network using an RCE, or Remote Code Execution.
Once a hacker has gained access to your network, the malicious activities they may engage in include shutting down all software, ransoming off pieces of your infrastructure one by one, triggering data leaks or, the most likely type of attack, opening a backdoor for other hackers to use in the future.
How can I tell if I’ve been infected?
There’s no way to test if a server is vulnerable without exploiting it yourself. You might consider hiring a security research team to exploit it for you. Given the availability of patches and increasing detection rules, it’s likely that public attacks through this window will be curbed quickly. However, since this is a relatively easy means for a hacker to breach valuable systems, it’s likely to remain a problem for a while if companies don’t take the necessary steps to protect themselves.
How can I fix this?
- If you’re using Apache Struts and the REST plug-in, Apache released a full patch that should be installed as soon as possible. But that’s only the first step to protecting yourself. System admins are urged to immediately upgrade to Struts 2.3.32 or 5.10.1.
- If you’re using Struts but not the REST plug-in, remove the plug-in immediately.
- If you’re using the Struts REST plug-in but not XML, disable XML pages and requests to such pages. The code looks like: <constant name="struts.action.extension" value="xhtml,,json" />
- If you’re using third-party web hosting or development services, ask your providers if they’re patched.
- Since this is the second time Apache has been manipulated in the last 6 months, in the future, consider sticking to JSON instead of XML data transfers.
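One way to check whether the steps above have been applied to an unpacked web application, as an added example that is not part of the original article or of Apache's tooling. It assumes the REST plug-in JAR follows the struts2-rest-plugin-<version>.jar naming and that the constant is defined in the struts.xml passed in; the function names and sample inputs are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs (not taken from any real deployment).
SAMPLE_LIB = ["struts2-core-2.3.30.jar", "struts2-rest-plugin-2.3.30.jar"]
SAMPLE_STRUTS_XML = """<struts>
  <constant name="struts.devMode" value="false" />
</struts>"""
HARDENED_STRUTS_XML = """<struts>
  <constant name="struts.action.extension" value="xhtml,,json" />
</struts>"""

REST_JAR = re.compile(r"^struts2-rest-plugin-(.+)\.jar$")

def rest_plugin_version(jar_names):
    """Return the REST plug-in version found in a WEB-INF/lib listing, or None."""
    for name in jar_names:
        match = REST_JAR.match(name)
        if match:
            return match.group(1)
    return None

def allowed_extensions(struts_xml):
    """Return the struts.action.extension list, or None if the constant is absent."""
    root = ET.fromstring(struts_xml)
    for const in root.iter("constant"):
        if const.get("name") == "struts.action.extension":
            return [ext.strip().lower() for ext in const.get("value", "").split(",")]
    return None

def audit(jar_names, struts_xml):
    """Return findings that map to the mitigation steps listed above."""
    version = rest_plugin_version(jar_names)
    if version is None:
        return []  # REST plug-in not deployed, so there is nothing to restrict
    findings = [f"REST plug-in {version} present: confirm it is patched, "
                "or remove it if unused"]
    extensions = allowed_extensions(struts_xml)
    if extensions is None:
        findings.append("struts.action.extension not set in this file: "
                        "the XML restriction is not applied")
    elif "xml" in extensions:
        findings.append("struts.action.extension still lists xml")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LIB, SAMPLE_STRUTS_XML):
        print(finding)
```

In practice, feed it the file names from the application's WEB-INF/lib directory and the contents of its struts.xml.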
How can I prepare for something like this to happen again in the future?
Unfortunately, there’s no way to predict what artful way hackers will find to exploit computer systems. However, when it comes to boosting security, you could begin by reducing the number of plug-ins you install on your website, restricting the options you enable for the plug-ins you must use and simplifying the technologies you use for your business.
The best route would be to hire an IT security company that can implement these best practices and provide additional monitoring for future cybersecurity exploits.
If your business doesn’t already have an action plan for what to do in the event of an emergency, visit our large IT resources library and check out our helpful disaster recovery checklist. We also offer information on backing up data as part of a disaster recovery plan here.