K-12 schools in the United States have been put on alert after it was discovered that backdoors have been installed on a number of servers running Follet’s Destiny Library Management System. More than 60,000 schools in the United States use Destiny to track school library assets, a number of which now face a high risk of cyberattack.

A security vulnerability in the JBoss platform has recently been used to launch attacks on a number of organizations in the United States. The vulnerability has allowed malicious actors to gain access to servers and install ransomware. The main targets thus far have been hospitals, including Baltimore’s Union Memorial which was infected as a result of a ransomware attack on its parent organization MedStar. The attackers gained access to servers at MedStar and used SamSam ransomware to lock critical files with powerful encryption. The discovery of the ransomware resulted in the forced shutdown of MedStar’s EHR and email causing widespread disruption to healthcare operations.

Over 2000 Backdoors Discovered to Have Been Installed on Servers Running JBoss

Since the attack took place, Cisco’s Talos security team has been scanning the Internet to locate servers that are vulnerable via the JBoss security vulnerability. Earlier this week Talos researchers discovered 3.2 million servers around the world are vulnerable to attack. However, there is more bad news. Attackers have already exploited the security vulnerability and have installed backdoors in thousands of servers. In some cases, multiple backdoors have been installed by a number of different players by dropping webshells on unpatched servers running JBoss. 2,100 backdoors were discovered and 1,600 IP addresses have been affected.

Hospitals have been targeted as they hold a considerable volume of valuable data which are critical to day to day operations. If attackers are able to lock those files there is a high probability that the hospitals will be forced to pay a ransom to unlock the encryption. Hollywood Presbyterian Medical Center had to pay a ransom of $17,000 to unlock files that had been encrypted in a ransomware attack. Schools are also being targeted.

Poor patch management policies are to blame for many servers being compromised. The JBoss security vulnerability is not new. A patch was issued to correct the vulnerability several years ago.  If the patch had been applied, many servers would not have been compromised. However, some organizations, including many schools, are not able to update JBoss as they use applications which require older versions of JBoss.

Destiny Library Management System Vulnerabilities Addressed With A New Patch

A number of schools running Destiny Library Management System were discovered to have been compromised by attackers using the JexBoss exploit to install backdoors, which could be used to install ransomware. Follett discovered the problem and has now issued a patch to address the security vulnerability and secure servers running its Destiny Library Management System. The patch plugs security vulnerabilities in versions 9.0 to 13.5, and scans servers to identify backdoors that have been installed. If non-Destiny files are discovered they are removed from the system.

Any school using the Destiny Library Management System must install the patch as a matter of urgency. If the Destiny Library Management System remains unpatched, malicious actors may take advantage and use the backdoors to install ransomware or steal sensitive data.