Apache Struts 2 web application framework has been targeted by hackers the past days. Hackers are exploiting Struts servers that are not yet updated, injecting commands of their own choice.
Information security experts and researchers discovered that Struts servers are under active attack, and things are escalating over the past over the past 48 hours, according to Ars Technica. This particular attack allows hackers to take control of Web servers being used by financial institutions like banks and that of vital government agencies.
Despite the update made by open source project maintainers, vulnerability still lingers. With the said attack, hackers are able to exploit and carry out malicious acts. This would include but may not be limited to deactivating of firewalls protecting servers, and even downloading and executing malware. The worst part is that there is no telling yet when these exploits would end.
"The second someone starts working on a Metasploit module, it's a ramp-up for rapid exploitation by a large number of people. We're basically seeing a huge number of people continue to exploit the vulnerability. That's likely going to continue to increase. I think what we're also going to see is people going to try to scan for the vulnerability," Threat Post quoted senior technical leader for Cisco's Talos research outfit, Craig Williams, as saying.
As means of resolving the issue, a certain patch is required recompile vulnerable versions of Apache Struts, according to Ars Technology Editor Peter Bright. Most bug fixes would require downloading and installing a patch, but the fix for this critical vulnerability is not that of a similar approach.
That being said, it is being estimated by experts that attack on Apache Struts 2 could take weeks or even months. Bugs are yet to be fixed, but safety measures are being performed until resolution arrives. Thus, posing more threat to vital institutions worldwide.
Watch here below five most dangerous hackers of all time: