Attackers are exploiting a patched vulnerability in the Apache Struts web development framework to install ransomware on servers. The flaw, located in Jakarta, allows attackers to execute system commands with the privileges of the user running the web server process. Although the vulnerability was patched recently, attackers started exploiting it almost immediately, which gave administrators very little time to roll out an update.
To make things worse, the latest attacks have been deploying more damaging malware: the Cerber ransomware program, which appeared over a year ago.
What steps should you take next? Server administrators who have not updated Struts should do so as soon as possible. Also, it is best to run the command execution from accounts where users do not have the privileges to run the application. Lastly, if you run Windows servers, whitelisting policies can be used to limit which applications users can execute.