An active exploitation campaign by the notorious Kinsing malware has come to light following the disclosure of a critical vulnerability in Apache ActiveMQ, tracked as CVE-2023-46604.
The vulnerability allows remote code execution (RCE) because of inadequate validation of throwable class types in OpenWire commands, according to an advisory published by Trend Micro on Monday.
Apache ActiveMQ is a Java-based, open-source project widely used as message-oriented middleware, enabling smooth communication between different applications.
Kinsing is a serious threat that specifically targets Linux-based systems. It abuses misconfigured container environments and web application vulnerabilities to infiltrate servers and spread quickly across networks.
In November, reports of successful CVE-2023-46604 exploitation surfaced, with threat actors using publicly available exploit tooling such as Metasploit and Nuclei. Despite the vulnerability's severity (CVSS 9.8), detection rates remain low.
The risk with this CVE is that Apache ActiveMQ is widely used, and because it can communicate across multiple protocols (like MQTT), it is also frequently used in non-IT environments to interface with IoT/OT/ICS devices, according to John Gallagher, vice president of Viakoo Labs.
Crypto mining is well suited to many IoT devices because they have strong processing capabilities and lack security policies.
The Kinsing exploit uses the ProcessBuilder method to download and execute malware and cryptocurrency miners on compromised systems. Notably, the malware actively seeks out and kills rival cryptocurrency miners.
The threat actors behind Kinsing take advantage not only of CVE-2023-46604 but also of other high-profile flaws, such as the Looney Tunables vulnerability.
Trend Micro urged users to upgrade immediately to reduce the risks associated with this vulnerability. The CVE-2023-46604 patch adds a "validateIsThrowable" method to the "BaseDataStreamMarshaller" class to address the underlying issue.
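To illustrate the kind of check that fix represents, here is an added example written for this article; it is not ActiveMQ's own code, and the class name ThrowableGate and its helper methods are hypothetical. It shows the general pattern: a class name arriving in an untrusted message is resolved, but an object is only instantiated from it after confirming the class is actually a subtype of Throwable. The unpatched behaviour the advisory describes is the same flow without that assignability check, so any class with a matching constructor could be instantiated.

```java
import java.lang.reflect.Constructor;

/**
 * Illustrative gate for reflective instantiation of exception classes
 * whose names arrive in a wire-format message. Hypothetical helper;
 * not ActiveMQ's implementation.
 */
public class ThrowableGate {

    // Reject any class name that does not resolve to a subtype of Throwable.
    static Class<?> validateIsThrowable(String className) throws ClassNotFoundException {
        // initialize=false: resolve the class without running its static initializers,
        // so an untrusted name cannot trigger code before the check completes.
        Class<?> clazz = Class.forName(className, false, ThrowableGate.class.getClassLoader());
        if (!Throwable.class.isAssignableFrom(clazz)) {
            throw new IllegalArgumentException(
                "Class " + className + " is not assignable to Throwable");
        }
        return clazz;
    }

    // Build the Throwable only after the gate has accepted the class.
    static Throwable createThrowable(String className, String message) throws Exception {
        Class<?> clazz = validateIsThrowable(className);
        Constructor<?> ctor = clazz.getConstructor(String.class);
        return (Throwable) ctor.newInstance(message);
    }

    public static void main(String[] args) throws Exception {
        // Accepted: a genuine exception type, as a broker error response would carry.
        Throwable t = createThrowable("java.io.IOException", "broker closed connection");
        System.out.println("accepted: " + t.getClass().getName() + " - " + t.getMessage());

        // Rejected: a class that has a (String) constructor but is not a Throwable.
        // Without the assignability check this instantiation would succeed.
        try {
            createThrowable("java.lang.StringBuilder", "ignored");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Compile and run with `javac ThrowableGate.java && java ThrowableGate`; the first call prints the accepted IOException and the second prints the rejection. The essential point for defenders reviewing similar deserialization code is that the type check happens before any constructor runs, and that class loading is done without initialization.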
Organizations should prioritize patching and remediation, particularly for all external-facing exposure and for higher-value assets, "to guard against this threat," according to Ken Dunham, director of cyber threat at Qualys.
Until the risk of exploitation is fully remediated, precautions such as thorough monitoring and log review, with workarounds where they apply, are also advised to counter known TTPs for brute force and other known attacks.