Symantec Secure Web Gateways: Exploited

May 23, 2020

Hoaxcalls – The unpatched vulnerability

Here is the latest vulnerability news from the cyber community, and it has once again created an opportunity for fraudsters to work their magic. The story concerns a bug found in Symantec Secure Web Gateway version 5.0.2.8. This product reached its end-of-life (EOL) in 2015 and end-of-support-life (EOSL) in 2019, at a time when some people and businesses were still using it for malware protection. Imagine that, within just a few days of a threat actor discovering the vulnerability, the fraudster was able to use this weakness and turn it into a lethal botnet.

The cybercrime experts in Palo Alto Networks' Unit 42 division confirmed the exploit. The confirmation came while they were working on several website scanning sessions in different tests conducted as part of their security monitoring activities. Given its current vulnerability status, hackers are swarming onto it: no patch exists, because Symantec has halted support for the software. The only viable solution is to upgrade to the latest version of Symantec Secure Web Gateway, which, by the way, costs a fortune.

 

Report on the endangered version

In the report that was submitted, the primary cause of exploitation for this endangered version was identified as the Hoaxcalls botnet, named after the domain that was used to host it. Infection can only take place once the attacker has established an authenticated session, which means they were able to get hold of an administrator account. The botnet is described as lethal; this malware has all the attributes of a backdoor program that specializes in command-and-control (C2) execution protocols.

It can remain active even after the compromised system has been rebooted. It can also overload systems with traffic and is fully capable of launching widespread Distributed Denial of Service (DDoS) attacks. That is a powerful creation, considering it came from an application that is already in its last moments.

Summarizing this report leaves us with a few pointers to keep as a reference. First, a minor leak can be a source of very lethal information that could be used against you. Second, fraudsters are zealots and opportunists, capable of all sorts of malicious online activities out of a small data dump. Their adaptability and critical thinking are what make them a formidable threat online. Lastly, to ensure a more secure stronghold, investing in updated security software is a must to protect every asset that you and your business have. Everyone should be vigilant and should also keep up with the latest cybersecurity threats and how to avoid them.
