Exploit attempts inspired by recent Struts2 File Upload Vulnerability (CVE-2024-53677, CVE-2023-50164) – SANS Internet Storm Center

Threat Overview

A recent threat report published by CyberHunter_NL on 2024-12-16T15:05:11.149Z highlights exploitation of a vulnerability in Apache Struts2 by attackers who are attempting to enumerate vulnerable systems. The vulnerability, tracked as CVE-2024-53677 and CVE-2023-50164, is being targeted by malicious actors using various tactics, including:

  • Spear-phishing to gain initial access
  • Enumerating systems that are vulnerable to the Struts2 vulnerability

The attackers use these tactics to find systems that remain vulnerable. However, the vulnerability has been patched in recent updates.
Although patches for the Struts2 vulnerability are available, many organizations may not be aware that they still need to apply them. This is due to a delay between the discovery of the vulnerability and the release of security patches.
Therefore, it is essential for organizations to stay informed about recently discovered vulnerabilities and to prioritize timely updates to prevent exploitation of zero-day vulnerabilities.

Some recommendations for improving cybersecurity posture include:

  • Regularly update software packages to prevent exploitation of zero-day vulnerabilities
  • Implement layered web and network security mechanisms
  • Monitor activity from known adversary groups, such as those associated with the Struts2 vulnerability
  • Implement strict security controls around access to sensitive systems

Additionally, having a plan in place for responding to potential cyber threats is essential. Organizations should establish protocols for detecting and responding to cyber threats, including the use of threat intelligence services.

https://isc.sans.edu/diary/rss/31520

