Sophos, a global leader in cybersecurity solutions, has revealed an attack by the Cring ransomware operators against a target after hacking a server running an unpatched, 11-year-old version of Adobe’s ColdFusion 9 software.
The target used the server to collect timesheet and accounting data for payroll and to host multiple virtual machines. The attackers breached the internet-facing server in minutes and executed the ransomware 79 hours later.
“Devices running vulnerable, outdated software are low-hanging-fruit for cyberattackers looking for an easy way into a target,” said Andrew Brandt, principal researcher at Sophos. “In the incident we researched, the target was a services company, and all it took to break in was one…