Cyber attackers are exploiting an older Drupal remote code execution vulnerability CVE-2018-7600 dubbed Drupalgeddon2.
Security researcher Larry Cashdollar of Akamai observed the attack campaign continues to target the Drupalgeddon2 flaw that impacts the Drupal CMS platform.
“I observed an attack that is designed to run code that is embedded inside a .gif file. While embedding code in image file isn’t a new attack method, I haven’t seen this method in quite some time,” Cashdollar said in a blog post on Monday.
Drupal had patched the vulnerability on multiple Drupal versions in March of 2018. Palo Alto’s Unit 42 group also wrote a detailed analysis on the exploit in the wild in May of last year.
These attacks are a stark reminder for organizations to maintain patches in timely manner and not forget about older systems. Hackers will often use automated scripts to scan and exploit older vulnerabilities on public facing systems, then pivot to other critical systems on your network.