Flaws, Bugs, Zero Days, and Breaches: Welcome to the New Normal
Endless bad news typically results in people becoming inured to it. The recent media 24-7 death counts on COVID-19 caused many people to switch off. It was just too much. Rating plummeted at CNN and other networks.
In IT security, there is a danger of the same thing happening with reports of flaws, bugs, zero-day attacks, ransomware heists, and breaches. Hardly a day goes by without a new one. Some are more virulent than others. But all gain some kind of coverage. It quickly becomes too much. People tend to gloss over it and worse, get on with business as usual.
At Syxsense, therefore, as a public-spirited gesture, we will quickly summarize some of the recent carnage into one short report. Yes, it is important to know what is going on and where to be vigilant. But most importantly, it is vital to know that something can always be done about it. Those enterprises that are the least prepared are the ones that suffer the most in dangerous times like these.
Recent Flaws and Breaches
Here is an incomplete list of some recent news on security issues:
JFrog Security Research identified hundreds of malicious packages designed to steal personally identifiable information (PII) in a large-scale typo-squatting attack from Azure users. A similar supply chain attack targeting German industrial companies such as Bertelsmann, Bosch, Stihl, and DB Schenker uses the npm repository to take control over infected machines.
A C programming library for IoT products has been found to be vulnerable to Domain Name System (DNS) cache-poisoning attacks. The bug generates incremental transaction identifiers in DNS response and request network communications. Patches are being developed to resolve these issues.
Plug-ins and extensions for content management systems (CMSs) are being increasingly used to hijack websites. Sucuri’s 2021 Website Threat Research Report called attention to potential issues with WordPress, Joomla, and Drupal due to vulnerable plugins and extensions.
Hackers are getting more patient. One group stayed inside a network for 18 months before striking – quietly waiting for the right opportunity. The group is known as UNC3524 also installs backdoors so normal security tools can’t completely eliminate it. If IT finds the malware and removes it, the bad guys can reinstall it almost immediately.
Phishing success continues. One criminal set up a website to look like a U.S. Department of Defense site and diverted $23.5 million to his bank account that was supposed to go to a jet fuel supplier. And an owner of a nail salon in California tricked a public school district in Michigan into wiring its monthly health insurance payment of $2.8 million to his bank account. Meanwhile, LinkedIn has emerged as the new favorite of scammers, according to Check Point. Apparently, more than half of all phishing attacks in one month used LinkedIn. The goal is to obtain login credentials and take it from there. And of course, phishing campaigns now seek to capitalize on the latest Ukraine news to tempt people to click on a malicious link or attachment. Finally, Phishing-as-a-Service has emerged to make it easy for non-technical criminals to profit from phishing scams. One group provides phishing services aimed at Coinbase, Netflix, Amazon, and eBay users.
Ransomware claims more victims. NCC Group reported that ransomware attacks increased 53% from the previous month with Industrials (34%), Consumer Cyclicals (21%), and Technology (7%) being the most targeted areas. Examples: Coca-Cola suffered a server breach and a hacking group claims it stole 161 GB of data. The FBI warned that the agriculture sector is suffering ransomware attacks timed to coincide with spring planting or fall harvesting periods.
Industrial control systems (ICS) are a new target. An FBI investigation found that custom tools now exist that can gain access to ICS platforms and supervisory control and data acquisition (SCADA). This particularly applies to programmable logic controllers (PLCs) from Schneider Electric and OMRON Sysmac NEX, as well as Open Platform Communications Unified Architecture (OPC UA) servers. If undetected, hackers could gradually work their way up the food chain and potentially take over control of an energy facility/
A Java vulnerability known as CVE-2022-21449 allows an attacker to intercept communication and messages that should have been encrypted, such as SSL communication and authentication processes. Fixes are now available.
Enhance Your Security Now
Perhaps the worst news among all this is that the above summary represents a small fraction of ongoing hacks, breaches, and vulnerabilities. Now is the time to upgrade your security profile by implementing automated tools. Syxsense Enterprise is the world’s first Unified Security and Endpoint Management (USEM) solution, delivering real-time vulnerability monitoring and instant remediation for every single endpoint in your environment, as well as IT management across all endpoints.