“TeamCity Security in Question – Growing Threats from Cybercriminals”


Attacks Exploiting Vulnerabilities in JetBrains TeamCity Software

The situation in the cybersecurity market is becoming increasingly dangerous due to the growing number of attacks exploiting vulnerabilities in popular applications. Recently disclosed vulnerability in JetBrains TeamCity software has become the target of many threat actors who are using it to spread various forms of malicious software.

Exploiting CVE-2024-27198 Vulnerability

Attacks based on the CVE-2024-27198 vulnerability pose a particular threat to TeamCity users as they allow bypassing authorization measures and gaining administrative control over affected servers. With a CVSS score of 9.8, the severity of this threat indicates potential serious consequences for organizations.

Response to Software Vulnerabilities

Ransomware groups like BianLian and Jasmin, as well as creators of cryptocurrency miners and other malicious programs, quickly exploited the disclosed TeamCity vulnerability for their purposes. Therefore, it is crucial for organizations using this software for CI/CD processes to immediately update their environments to secure against potential attacks.

Ransomware Infection Statistics

FBI data highlights an alarming trend of increasing ransomware infections. In 2023, 2825 cases were reported, resulting in financial damages exceeding $59.6 million. Notably, nearly half of these attacks targeted critical infrastructure, underscoring the scale of the problem.

Ransomware Activity Surge

According to Symantec, despite a reported decrease in ransomware attacks, the activity of these groups continues to rise. NCC Group reports that in February 2024, ransomware cases increased by 46% compared to January, with various groups like LockBit and Hunters dominating the landscape.

New Trends in Cybercriminal Tactics

Cybercriminals constantly refine their techniques and attack methods. Presently, attacks exploiting vulnerabilities in publicly available applications and living-off-the-land tactics are popular, allowing evasion of detection. Tools like TrueSightKiller and GhostDriver enable them to disable security software, making attacks even more effective.

Partnerships Among RaaS Operators

It is worth noting that the increased scrutiny on major ransomware operators is leading to the formation of new partnership relationships among them. This phenomenon may complicate detection and attribution of attacks, as well as facilitate operators transitioning to other providers due to lower requirements. It indicates the continuous evolution of threats in cyberspace and the necessity of constant adaptation to the changing landscape.