
Question
Catalin Cimpanu
October 25, 2021
Briefs
Technology
Hackers use SQL injection bug in BillQuick billing app to deploy ransomware
At least one hacking group is exploiting a security flaw in a popular billing software suite to gain initial access, take over servers, and then deploy ransomware inside companies' networks.
Discovered by Huntress Labs this month, the attacks targeted BillQuick Web Suite, a billing solution developed by California-based BQE.
"Hackers were able to successfully exploit CVE-2021-42258, using it to gain initial access to a US engineering company, and deploy ransomware across the victim's network," Caleb Stewart, a security researcher for Huntress Labs, said over the weekend.
Stewart said Huntress investigated the attack and was able to reproduce the attacker's exploit, described as an SQL injection vulnerability in the app's login page.
"Simply navigating to the login page and entering a single quote (') can trigger this bug," Stewart said. "Further, the error handlers for this page display a full traceback, which could contain sensitive information about the server-side code."
Huntress said the vulnerability could be abused to dump the content of the MSSQL database used by the BillQuick software and even for remote code execution scenarios that would allow hackers control over the entire server.
This is how Huntress believes the threat actor was able to enter customer networks and deploy ransomware.
Eight other issues also discovered; patches available
In addition to the SQL injection bug exploited in the ransomware attacks, Stewart said Huntress also discovered eight other vulnerabilities in the BillQuick software during their
Based on the above incident, answer the following questions:
a) What is your best advice to avoid SQL injection attacks?
b) At what stage of the Cyber Kill Chain does the hacker's modus operandi take place?
Cybercrime
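The two defects the article quotes, a login query that breaks on a single quote and an error handler that returns the full traceback, can be shown side by side with their fixes. The block below is an added example, not code from the article, from Huntress, or from BQE's product. It assumes SQLite as a stand-in for the MSSQL database the article names, and the `users` table, the account in it, and the probe strings are all constructed sample data.

```python
"""Added example (not from the article, Huntress, or BQE): a login check
built the way the BillQuick bug is described, beside a hardened version.

Assumption: SQLite stands in for MSSQL; table, columns, account and probe
inputs are constructed sample data.
"""
import sqlite3
import traceback

# Server-side log sink for the hardened handler (constructed stand-in for
# a real logger); callers never see what goes in here.
LOG: list[str] = []


def make_db() -> sqlite3.Connection:
    """Constructed sample data: one user table with a single account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'CorrectHorse')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> dict:
    """String concatenation: the user's input becomes part of the SQL text.

    A lone quote unbalances the statement and raises a database error; the
    handler then returns the full traceback to the caller, mirroring the
    second defect the article quotes (error pages that leak server detail).
    """
    sql = (
        "SELECT username FROM users WHERE username = '" + username + "' "
        "AND password = '" + password + "'"
    )
    try:
        row = conn.execute(sql).fetchone()
    except sqlite3.Error:
        return {"ok": False, "error": traceback.format_exc()}
    return {"ok": row is not None, "user": row[0] if row else None}


def login_parameterised(conn: sqlite3.Connection, username: str, password: str) -> dict:
    """Placeholders: the SQL text is fixed and the inputs travel as values.

    A quote, a comment marker or an OR clause in the input is only ever
    compared against the column; it cannot change the statement. Errors are
    logged server-side and the caller gets a generic message.
    """
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    try:
        row = conn.execute(sql, (username, password)).fetchone()
    except sqlite3.Error as exc:
        LOG.append(repr(exc))  # detail stays on the server
        return {"ok": False, "error": "login failed"}
    return {"ok": row is not None, "user": row[0] if row else None}


def demo() -> dict:
    """Run both login checks against the probe inputs and summarise."""
    conn = make_db()
    probe = "'"             # the single-quote probe the article describes
    bypass = "' OR '1'='1"  # classic tautology: no valid password needed
    return {
        # concatenated query: the quote breaks SQL and the traceback leaks
        "vuln_probe_leaks_traceback": (
            "Traceback" in login_vulnerable(conn, probe, "x")["error"]
        ),
        # concatenated query: tautology logs in as admin without a password
        "vuln_bypass": login_vulnerable(conn, "admin", bypass)["ok"],
        # parameterised query: the quote is just a username that does not exist
        "param_probe": login_parameterised(conn, probe, "x"),
        # parameterised query: the tautology is just a wrong password
        "param_bypass": login_parameterised(conn, "admin", bypass)["ok"],
        # parameterised query: the real credentials still work
        "param_real": login_parameterised(conn, "admin", "CorrectHorse")["ok"],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

The `?` placeholder is the DB-API style sqlite3 uses; pyodbc, the usual Python driver for MSSQL, uses the same `?` style, so the hardened function carries over unchanged. Two further points a practitioner would check: the error handler must never echo exception detail to the client (the generic "login failed" above), and the application's database login should be a least-privilege account, since how far an injection can be pushed towards the server takeover the article describes depends on what that account is allowed to do.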