Businesses using Cacti, a popular hardware monitoring software, are at risk. Researchers from The Shadowserver Foundation have discovered attackers exploiting a critical vulnerability (CVE-2022-46169) to install malware on vulnerable systems.
This flaw, rated 9.8 on the Common Vulnerability Scoring System (critical), allows attackers to spread malicious software like Mirai botnet malware and IRC bots. Mirai targets Linux-based devices like smart home cameras and routers, potentially incorporating them into a botnet capable of launching crippling DDoS attacks that crash websites and disrupt operations. IRC bots can establish remote control over compromised systems.
The situation is concerning because thousands of Cacti installations remain unpatched. Reports indicate over 6,000 Cacti instances are accessible online, with more than 1,600 potentially vulnerable to this specific exploit.
IT security leaders should take immediate action. Patching all Cacti instances to the latest version (post-1.2.23) is crucial. Additionally, scanning networks to identify and patch vulnerable Cacti installations is essential.
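
The identification step can start from an asset inventory before any network scan. The following is an added example, not code from Cacti or from the researchers cited here: it triages a constructed list of hosts and reported Cacti versions against the baseline this article gives (a release after 1.2.23). The host names, the inventory format and the status labels are assumptions for illustration.

```python
import re

# Baseline from the article: patch to a release after 1.2.23.
# Assumption: confirm the exact fixed release against the vendor advisory.
BASELINE = (1, 2, 23)

# Constructed sample inventory: host,reported version string.
SAMPLE_INVENTORY = """\
mon-01.example.internal,1.2.22
mon-02.example.internal,1.2.9
mon-03.example.internal,1.2.23
mon-04.example.internal,1.2.26+ds1-1
mon-05.example.internal,unknown
mon-06.example.internal,1.3.0
"""

# Leading major.minor.patch; distro packaging suffixes after it are ignored.
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) as integers, or None if unparseable."""
    match = _VERSION_RE.match(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(version_text, baseline=BASELINE):
    """'update' at or below the baseline, 'current' above it, else 'verify'."""
    version = parse_version(version_text)
    if version is None:
        # Never treat an unreadable version as safe; send it for manual review.
        return "verify"
    # Tuple comparison is numeric, so 1.2.9 sorts below 1.2.23
    # (a plain string comparison would get this wrong).
    return "current" if version > baseline else "update"


def triage(inventory_text, baseline=BASELINE):
    """Group hosts from 'host,version' lines by patch status."""
    results = {"update": [], "current": [], "verify": []}
    for line in inventory_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version_text = line.partition(",")
        results[classify(version_text, baseline)].append(host.strip())
    return results


if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:8} {', '.join(hosts) or '-'}")
```

Hosts in the `verify` group reported no usable version and should be checked by hand rather than assumed patched.
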
This incident highlights the importance of robust patch management practices. Regularly updating software is vital to mitigating known vulnerabilities. Furthermore, companies should consider third-party risk assessments to evaluate the security posture of any software used within their infrastructure.
By proactively patching Cacti and prioritizing software updates, businesses can significantly reduce their attack surface and prevent these types of malware attacks.




