Few security threats are as viscerally frightening as ransomware. It's one thing to have your data stolen from a device, it's another entirely to be forced to pay cybercriminals to regain control of your device entirely. Unfortunately, hackers are finding new ways to implement this well known threat, and not infrequently are using Java-based code to create their attacks.
Two of the more unique forms of ransomware trends include a "human-operated" ransomware called PonyFinal and another that can target devices connected via the internet of things, including smart appliances such as coffee makers. Both are Java-based programs.
Out of the stable
The PonyFinal threat was first discovered by Microsoft's Security Intelligence group, who publicized the new ransomware over Twitter, according to Infosecurity Magazine. The threat was first spotted on the systems of multiple hospitals during the first peak of the COVID-19 pandemic in April, when resources were stretched thin. Experts believe the programs may have been deployed months in advance, however.
PonyFinal typically accesses target devices by deploying the Java Runtime Environment program, which it needs to run, or using a brute-force attack to on the systems management server to find existing endpoints already using JRE. The program is set to cover its tracks by deploying a remote manipulator system that bypasses event logging.
The end result is that businesses already running JRE may have no idea that they were attacked until they've already lost access to their devices. In some cases PonyTime may be encrypted to sit in a system for weeks or months before ultimately revealing itself.
Once the program has infiltrated a system, it delivers the PonyFinal ransomware through an MSI file called that includes the two batch files and the ransomware payload. The batch files schedule a task on the target device called 'Java Updater,' which ultimately runs the PonyFinal.JAR payload.
In addition to basic overall cybersecurity protocol, Microsoft recommends that organizations scan for brute-force activity and patch all of their internet-facing assets, with an emphasis on VPNs and all other remote access infrastructure.
An everyday device
The health care sector isn't the only area being faced with Java-based ransomware threats. With more home devices than ever connected to larger networks through Internet of Things (IoT) technology, there's possibility of a cyberattack as close to home as your kitchen. According to Security Boulevard, a IoT-enabled coffee maker from the company Smarter Kitchen Appliances was sent to consumers with no firmware signing and no protected area inside the chipset.
According to Mike Nelson, the vice president of IoT technologies for the firm DigiCert, that kind of vulnerability opens the door to a wide variety of problems.
"Not signing firmware updates and storing security credentials in unprotected memory is giving away the keys to your kingdom. This opens the potential for a hacker to embed malware in your update package, and to masquerade as a trusted actor in your ecosystem with no limitation of what they could do," said Nelson, speaking with Security Boulevard.
While the threat of hackers infiltrating your company's break-room coffee machine may seem silly, the real concern is the way the Smarter Kitchen Appliances model, and other IoT-enabled devices, can offer easy access to the rest of your network. In this case, the coffee maker acted as a Wi-Fi access point, so that users could interact with the machine through a smartphone app. A skilled hacker could use these vulnerabilities to exploit other hosts on your network. Implementing safe authentication and identification frameworks that provide multi-factor authentication and strong encryption is of paramount importance for protecting this area of your network infrastructure.
Although no cyberattack on this particular machine has been found to have occurred outside of a research facility, the model is no longer eligible for firmware updates, meaning that its owners are still vulnerable and cannot implement a patch. Smarter Kitchen Appliances was able to implement fixes to the problem in a newer model of the coffee maker.
The shortcomings of Java Terminal Emulators
Whether worried about ransomware, data breaches or other serious threats, keep in mind that unsecured, and obsolete Java-based programs may be holding your organization back. While Java is a building block of many important applications, its widespread use means that its vulnerabilities are well known by hackers and easy to exploit. Luckily, an advanced terminal emulation tool can help you remove Java from the equation, without requiring you to get rid of the critical mainframe programs that keep your organization running.