Hackers Exploited Popular BillQuick Billing Software to Deploy Ransomware

Cyber Security

Products You May Like

Cybersecurity researchers on Friday disclosed a now-patched critical vulnerability in multiple versions of a time and billing system called BillQuick that’s being actively exploited by threat actors to deploy ransomware on vulnerable systems.

CVE-2021-42258, as the flaw is being tracked as, concerns an SQL-based injection attack that allows for remote code execution and was successfully leveraged to gain initial access to an unnamed U.S. engineering company and mount a ransomware attack, American cybersecurity firm Huntress Labs said.

Automatic GitHub Backups

While the issue has been addressed by BQE Software, eight other undisclosed security issues that were identified as part of the investigation are yet to be patched. According to its website, BQE Software’s products are used by 400,000 users worldwide.

“Hackers can use this to access customers’ BillQuick data and run malicious commands on their on-premises Windows servers,” Huntress Labs threat researcher Caleb Stewart said in a write-up. “This incident highlights a repeating pattern plaguing SMB software: well-established vendors are doing very little to proactively secure their applications and subject their unwitting customers to significant liability when sensitive data is inevitably leaked and/or ransomed.”

Essentially, the vulnerability stems from how BillQuick Web Suite 2020 constructs SQL database queries, enabling attackers to inject a specially-crafted SQL via the application’s login form that could be used to remotely spawn a command shell on the underlying Windows operating system and achieve code execution, which, in turn, is made possible by the fact that the software runs as the “System Administrator” user.

“Hackers are constantly looking for low-hanging fruit and vulnerabilities that can be exploited—and they’re not always poking around in ‘big’ mainstream applications like Office,” Stewart said. “Sometimes, a productivity tool or even an add-on can be the door that hackers step through to gain access to an environment and carry out their next move.”

Products You May Like

Articles You May Like

36 Days Review: SonyLiv’s Murder Mystery Starring Purab Kohli, Neha Sharma Is Overstretched and Predictable
Samsung Galaxy Tab S10 Series to Be Launched in October, Tipster Claims
Amazon’s deal with AI startup Adept faces FTC scrutiny
Apple Tipped to Drop Blue Titanium Finish in Favour of a ‘Rose’ Colourway on iPhone 16 Pro
Xiaomi Watch S4 Sport Confirmed to Launch in China on July 19: What We Know So Far

Leave a Reply

Your email address will not be published. Required fields are marked *