Industrial scale: “This is all about neglect and efficiency,” Gene Moody, field CTO at patch management provider Action1, told CSO. “React2Shell quickly met all the criteria attackers look for: public disclosure, reliable exploitation, and internet-facing exposure. That combination effectively guaranteed widespread abuse. Since then, multiple campaigns have automated the full [attack] lifecycle [of], scanning, exploitation, and credential harvesting, with little to no human intervention.”

Attackers operate at industrial scale, he added. Platforms like Shodan and Censys already index much of the internet, making vulnerable systems trivial to find. With the finite IP space, comprehensive scanning can be completed in well under an hour on even the most modest of modern computers/internet connections.

“There is no meaningful obscurity left for exposed systems,” he added. “To be honest, there never really was.”
‘Attack started when you failed to patch’: The result is predictable, Moody said: Unpatched systems are not ‘at risk’, they are in a queue. Discovery is fast, exploitation is fast, and compromise is often automated end-to-end. “React2Shell is a perfect example of how quickly attackers can turn a known issue into a sustained revenue stream, and have it persist for extended periods of time based on admin complacency,” he said.

“Even more concerning is what happens after initial access,” he added. “Credential harvesting extends the lifespan of the attack far beyond the original vulnerability. Even if systems are patched later, stolen credentials can enable persistence, lateral movement, and, as a result, means the attack started when you failed to patch. One mistake can turn into every mistake in an instant, with information like this in the wrong hands. The damage could be absolute, with no recovery possible. Businesses have failed for less. When it ends will certainly not be when the patch is applied, unless you got it before being compromised.”

“Treat your patching like a toothache,” he advised. “At first sign, address it as fast as possible, or only misery follows.”
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4154188/security-lapse-lets-researchers-see-react2shell-hackers-dashboard.html

