Citroen Car Manufacturer Hacked with Adobe ColdFusion Vulnerability

Major french automobile manufacturer, Citroën, has been the latest victim to an Abobe ColdFusion cyber attack. The same gang of hackers that breached Adobe, PR Newswire and the National White Collar Crime Center along with many others, by exploiting Adobe software, recently set eyes on Citroën.

A recent report by the Guardian confirms hackers exploited one of Citroën’s German websites, installing a backdoor to siphon out data, and do as pleased with other data on the server.

Attackers managed to embed a backdoor on shop.citron.de, a subdomain used for buying Citroën-based gifts. While the backdoor was live, hackers took advantage of the exploit, and stole users data. The spokesperson for Citron confirmed customers data was in fact stolen. The company is unsure on how many were affected, but has contacted all customers detailing them to check their bank for suspicious transactions. Alex Holden, chief of information security at Hold security, told the Guardian that the backdoor has since been removed and investigations on the breach will continue. The backdoor was live since at least August 2013.

Alleged hackers have been scanning websites for weaknesses in a web application platform from Adobe known as ColdFusion. “The exploitation was targeted across the entire internet looking specifically for ColdFusion exploits,” Holden said. “To explain the backdoor simply, it provides full command line and SQL database access with the rights of the user running the web services, which usually means everything on the web server,” Holden added.

It is unsure what data was breached from the official Citroën website. The official Citroën website is not actually managed by Citroën itself. Web design firm, anyMotion, is responsible for Citroën’s website. anyMotion said it fixed the backdoor but is proceeding to investigate whether hackers have installed further files or taken data. “We are examining the machines for known backdoors and unwanted software that someone may have installed on the machine,” said anyMotion’s Heinz Brasch.

It is unsure if what personal or financial data has been breached or leaked by hackers. The Citroën data breach is undergoing investigation with German law enforcement agencies. As Citroën is dealing with their recent cyber attack, other reporters have detailed how third party processors can be dangerous. A company can only be so secure, till it comes to a third party processor. Third party data processors can lead to many security vulnerabilities, along with risk millions of customers data. Once the third party processor has been hacked, companies can not pawn off the problem saying it was strictly the processors fault. There are many issues, and companies data has been lost too in such occurances.

Since the breach, vulnerabilities in ColdFusion have been patched.