Microsoft said this week that technology discontinued in 2005 is still being used widely and poses threats and vulnerabilities to power grids and the petroleum industry.
Malicious hackers, according to the tech giant, are gaining access to secure networks and devices through common Internet of Things (IoT) devices before deploying payloads.
Microsoft said it examined a report published by Recorded Future in April 2022 that detailed a suspected electrical grid intrusion in India, and found a common vulnerable component: the Boa web server.
Boa servers, Microsoft said, are used to access settings, management consoles, and sign-in screens on devices, and despite being discontinued in 2005, they continue to be implemented by vendors.
Boa vulnerabilities allow hackers to gain access to networks by collecting data from files.
When Microsoft looked into the Recorded Future report, it found the Indian incident was just one of several intrusion attempts to gain access to infrastructure in the subcontinent. The most recent attack was in October 2022.
Some information obtained in the Indian energy hack included sensitive employee information, financial records, client records, engineering drawings and private keys.
The commonality among all the IP addresses assessed by Microsoft was that they were all running Boa servers. A further analysis found that 10% of the IP addresses returned connections to critical industries like the petroleum industry.
These same IP addresses were attached to IoT devices like routers that had unpatched vulnerabilities.
“Microsoft continues to see attackers attempting to exploit Boa vulnerabilities,” the tech company said. “The popularity of Boa web servers is especially concerning as Boa has been formally discontinued since 2005.”
In the span of a week, Microsoft said, its Defender Threat Intelligence platform found over 1 million internet-exposed Boa server components around the world.
The largest share of those components was in India, while the U.S., Brazil and South America showed large numbers as well.
To address these vulnerable components, Microsoft suggested organizations and network operators patch vulnerable devices and, if possible, find devices with vulnerable components and add measures to identify and detect malicious activities.