This year hasn’t been good for users of Open Source software, which at one level or another, includes just about everybody. Unfortunately, a recent grim discovery makes it unlikely that we’ll see the number of attacks decline any time soon. Not long ago, two new back doors were discovered in more than a dozen libraries that have been downloaded hundreds of thousands of times by server administrators.
One of them was discovered in Webmin, which is a web-based administration tool that boasts over a million installations.
While the exact date is unknown, sometime in the early part of 2018, someone compromised the server that was used to develop new versions of the program. Once compromised, the unknown assailant used the access to distribute a backdoor that was downloaded nearly a million times, and is no doubt actively used by tens of thousands of internet-facing servers. If you’re using versions 1.90, 1.91, or 1.92 of Webmin, you are impacted and at risk.
The second recent discovery concerns the RubyGems repository. Here, the backdoor allows attackers to use pre-chosen credentials to remotely execute commands to infected servers. In addition to that, RubyGems developers also discovered that a cryptocurrency miner had been slipped into the code. That allows hackers to hijack infected servers to use their processing power for illicit mining operations, sending the proceeds to the hackers themselves.
These types of attacks can have an incredibly high impact because they tend to affect servers that sit at the heart of critical processes, like sending bulk emails or serving web pages. Unfortunately, once such a system is infected like this, the only way to secure it is to perform a complete rebuild which is a time and resource intensive task that few business owners want to contemplate.