Hackers are taking advantage of a common vulnerability in Apache Strut 2 to launch massive attacks against websites across the world, researchers have warned.
According to cyber security researchers at Cisco Systems, it has been observed in the recent past that attackers are taking advantage of a common vulnerability in the commonly-used web platform functionality to launch massive attacks against websites of governments and other public institutions.
In the recent past, we have witnessed an abnormally high number of attacks and attempts at attacks against various websites across the world,’ the researchers have said.
It has been further reported that the attackers are able to take advantage of the common parser vulnerability because it is largely available.
Strut 2 is a common web framework that, in the recent past, has hit the headlines after researchers discovered that a major weakness in its functionality.
Immediately the findings of the weakness were published, the company running the system announced that it was patching the security flaw in the system.
However, it appears that hackers are still able to exploit the parser weakness in the framework.
According to Nick Biasin of Cisco Systems, most of the attacks that have been observed so far fall into either of the following two categories: probing and distribution of malware.
It appears that hackers are using the vulnerability to attempt to hijack servers and cause considerable damage to the targeted websites.
It has been reported that in one instance, hackers managed to gain access to a website by exploiting the weakness. The hackers then gained remote control over the server and managed to infect the website with various forms of malware.
However, it appears that the new development has sparked widespread concerns in the industry, with more experts warning that websites owners need to take the issue seriously.
According to Vicente Motos, a cyber security expert, increased incidents in which hackers are attempting to take advantage of the vulnerability to attack websites means that the issue is getting out of hand fast.
‘We have been warning companies and government departments to treat this issue as an emergency, however, we are yet to see a positive response from them now, given that we are witnessing an increase in the number of attacks,’ he wrote in a blog post.
It remains to be seen how the persons responsible for maintaining the Apache Struts framework will respond to the recent developments.