At least one hacking group is exploiting a security flaw in a popular billing software suite to gain initial access, take over servers, and then deploy ransomware inside companies’ networks. The attacks targeted BillQuick Web Suite, a billing solution developed by California-based BQE.

Hackers were able to successfully exploit  CVE-2021-42258 using it to gain initial access to a US engineering company and deploy ransomware across the victim’s network.

Advertisements

The attack was able to reproduce the attacker’s exploit, described as an SQL injection vulnerability in the app’s login page.

Simply navigating to the login page and entering a single quote (`’`) can trigger this bug,” Steward said. “Further, the error handlers for this page display a full traceback, which could contain sensitive information about the server-side code.

Huntress said the vulnerability could be abused to dump the content of the MSSQL database used by the BillQuick software and even for remote code execution scenarios that would allow hackers control over the entire server.

In addition to the SQL injection bug exploited in the ransomware attacks, also discovered eight other vulnerabilities in the BillQuick software during their investigation.

All issues were reported to the vendor, which released patches for the actively exploited CVE-2021-42258 SQL injection bug in WebSuite 2021 version 22.0.9.1 on October 7. Patches for the eight other issues are forthcoming.

Also Read : New IPL Teams and Owners

Researchers is now warning customers who still run BillQuick Web Suite 2018 to 2021 v22.0.9.0 to update their billing suites.According to the BQE website, the company claims more than 400,000 customers.