Search
  • J. Foster Davis

Atlassian Confluence Threat: BreachBits Response & Integration

Updated: Jun 5

Details of a new threat that could allow attackers to easily gain access to Atlassian Confluence Server and Data Center and possibly nearby systems was released yesterday. As a part of our continuous service to help businesses stay ahead of attackers, BreachBits has analyzed this threat and has developed detection capabilities for immediate integration in our BreachRisk™ service, and we expect to deploy testing capabilities within the week.


Exploiting Log4Shell in vulnerable exposed software is trivial for attackers, requiring very little technical skill...

Background

On June 2nd, 2022, details of how attackers can exploit this vulnerability in Atlassian Confluence was publicly announced.


Atlassian Confluence is a suite of collaboration tools that help teams store, organize, and segment wiki-like documents.


The vulnerability can affect each of the Atlassian Confluence Server and Data Center products, and Atlassian has issued an advisory that is tracking details as they develop. As of June 4th, this vulnerability does not affect Atlassian Confluence Cloud.


As a part of our continuous process, BreachBits has analyzed this threat and is developing detection and testing capability for immediate integration in our BreachRisk™ service.

Exploiting this vulnerability is easy for highly-skilled attackers. The ease of this attack will likely lead to adoption by ransomware threat groups in the coming weeks or months.


What we are doing

We provide our BreachRisk™ for Business and BreachRisk™ Portfolio customers continuous threat detection and testing services for threats just like this. Our job is to answer these questions for our clients:

  • "Does this threat affect me?"

  • "If so, where am I affected?"

  • "How does this affect my overall cyber risk profile (i.e. my BreachRisk Score)?"

  • "Where does this threat stack up against other ongoing cyber threats?"

  • "How will I know when the situation is handled?"

As a part of our routine process, we have worked tirelessly since the announcement of this vulnerability to integrate capabilities to match this threat. Our automation and A.I.-based systems are designed to accept rapid development for threats such as these. We don't just report technical data, we put the threat into context using BreachRisk™ Score and BreachRisk™ Report.


As details of attack methods become well known to attackers continue to become available, we expect attackers of lower skill levels to also learn to execute this attack. BreachBits will continue to update and refine our BreachRisk™ solutions to identify exposed vulnerable and attack methods. BreachBits will continue to initiate new BreachRisk™ assessment cycles for customers when new affected software is released publicly to help our customers stay ahead of attackers.


What You Should Do

If you are a BreachRisk™ for Business customer, we are already examining your external attack surface. You should also do the following:

  1. Provide any IT infrastructure that we haven't already discovered via the Verifications page on your Dashboard. This will allow us to identify more of the attack pathways that are accessible from the internet.

  2. Enable High Fidelity Testing if you have a Pro subscription. This will allow us to test any attack pathways we identify to see if an attacker can achieve a breach.

  3. Since we are inspecting your external attack surface, you should have your security team search your internal systems, which we may not be able to see.

If you are a BreachRisk™ Portfolio client, consider contacting the companies in your portfolio and encourage them to take the steps above if they haven't already.


You should also do the following, especially if you are not a BreachRisk™ customer.:

  1. Identify if the threat is present on your systems.

  2. Pinpoint where you are affected.

  3. Consider how your business would be impacted if the affected element were to be shut down, breached, or taken over by an attacker.

  4. Determine if this risk is significant enough to divert resources from other efforts, and make a decision to attempt a fix or not.

  5. If you attempt to fix, follow up to verify the fix was applied. You may need to repeat this cycle as more information emerges.

Now that the vulnerability is public, be on the lookout for further guidance from software developers and security firms.


What We've Told Our Clients

We have integrated early detection and testing methods for all clients. Here is the notice we have sent to all existing clients so they are reminded of the process. We believe this helps our clients avoid panic, quickly understand risk, and quickly make efficient business decisions related to their specific situation.


What's Next

We are already searching the attack surfaces of our clients for this threat. Within the week, we expect to be able to test affected clients to prove whether the threat could impact their business. BreachBits will continue to monitor the situation and update threat vector identification capabilities into our continuous monitoring and testing solutions. As BreachBits discovers vulnerable hosts, we will reach out to the affected customers to notify and provide support as required.

Now that the vulnerability is public, be on the lookout for further guidance from software developers and security firms.

Due to the nature of our technology, our AutoIntelligent Persistent Threat Engine can easily check for this threat across hundreds of thousands of clients for decades to come.



 

Update Log

  • 05 Jun 2022: Added checklist for BreachRisk™ for Business and BreachRisk™ Portfolio customers.

14 views0 comments