HQ/EMEAFind out how we can help your business
Hackers are currently exploiting the publicly accessible ServiceNow bug to breach government and business organisations and execute their data theft campaigns.
Based on reports, the campaign was discovered after researchers investigated several victims, such as government institutions, energy firms, software development companies, and data centres.
There are already established security fixes for the flaw, but companies unaware of such weakness could still be susceptible to these exploits.
ServiceNow is a cloud-based platform that allows organisations to manage digital processes for enterprise operations.
The ongoing exploit of the ServiceNow bug could result in significant damage as it is widely used in various industries, such as the government sector, healthcare, financial institutions, and large corporations.
Recent assessments of the bug revealed about 300,000 internet-exposed instances, indicating that numerous organisations employ the product. Earlier this month, ServiceNow released hotfixes for the input validation flaw CVE-2024-4879, which allows unauthenticated users to execute remote code on several versions of the Now platform.
Additionally, a separate researcher who found the flaw published a detailed explanation about CVE-2024-4879 and two other flaws (CVE-2024-5178 and CVE-2024-5217) in ServiceNow that malicious entities can simultaneously exploit for complete database access.
However, the write-up has caused a massive buildup of working exploits on GitHub and bulk network scanners for CVE-2024-4879. This immediate adoption of the write-up has allowed threat actors to use it to discover vulnerable instances instantly.
One example of this campaign is a payload injection attack in which searchers for a particular result in a server response, followed by a second-stage payload that scans the database contents. If successful, the operators acquire user lists and account information. Though the researchers said the exposed details are hashed, some breaches exposed plaintext credentials.
Furthermore, researchers have noticed a sudden rise in the popularity of ServiceNow flaws on hacker forums, particularly among individuals seeking access to IT service desks and business portals, showing a significant level of interest from the cybercriminal community.
ServiceNow released solutions for all three vulnerabilities earlier this month in separate bulletins. Users should check the fixed version in the advisories to ensure they have applied the patch to all instances.
