Tag Archive for: target

Flawed Cisco firewalls used to target government networks


A Cisco Talos investigation has uncovered a state-affiliated cyber espionage campaign exploiting two Cisco zero days to plant malware on critical government networks.

The campaign, known as ArcaneDoor, targets perimeter network devices and uses them to gain a foothold on the target network, at which point the attackers can start distributing malware, stealing information, and spreading throughout the organization.

Source…

Carpetright is latest British business to be hit by cyber attack as hackers target company HQ to affect hundreds of customer orders


  •  Hackers targeted the company HQ in Purfleet, Essex on Tuesday



Flooring chain Carpetright is the latest British business to be hit by a cyber attack affecting hundreds of customer orders. 

Hackers targeted the company HQ in Purfleet, Essex on Tuesday, sending malware to gain unauthorised access. 

Carpetright’s network was taken offline due to the cyber attack but bosses insist that the virus was isolated before any data was swiped. 

However, phone lines are still down, with callers met with the automated message ‘Thank you for your patience while we work on a solution’.

Staff and hundreds of customers were affected by the malicious virus, with employees reportedly unable to access their payroll information.

A source told The Sun: ‘Some staff networks were taken down including the portals that workers use to book time off and look at payslips.

‘It happened abruptly and was worrying because customers couldn’t get through to helplines.

‘Everything at HQ was taken offline as that was the best way to stop the attack spreading to customer data.’

A spokesperson for Carpetright said: ‘We would like to apologise for any inconvenience caused.

‘We are not aware of any customer or colleague data being impacted by this incident and are testing and resetting systems, with investigations ongoing.’

The cyber attack at the flooring chain comes after hackers managed to access a ‘small number’ of patients’ data last month. 

Ransomware group – INC Ransom – targeted NHS Dumfries and Galloway and claimed it was in possession of three terabytes of data from NHS Scotland.

A post on its dark web blog included a ‘proof pack’ of some of the data, which was…

Source…

Manufacturing sector top target for ransomware attacks last year


Palo Alto said UK manufacturers and professional and legal services are most at risk of ransomware attacks.

The UK’s manufacturing sector is the prime target for ransomware attacks, according to data from Palo Alto Networks’ threat intelligence arm, Unit 42, seen by City A.M.

In 2023, manufacturers bore the brunt of ransomware assaults, accounting for 17.2 per cent of all attacks recorded in the UK, totalling 45 incidents.

They are particularly at risk due to their low tolerance for operational disruption, which can negatively impact production, cyber security company Palo Alto said.

With only one fewer incident last year, professional and legal services followed closely behind, suffering 16.9 per cent of ransomware attacks, as cyber criminals targeted sensitive data.

In 2023, the first year the study has been conducted, 261 ransomware attacks targeted UK organisations.

The UK’s technology and education sectors both experienced 8.4 per cent of attacks.

A ransomware attack is when hackers use malicious software to encrypt files or systems, demanding payment, often in cryptocurrency, for their release. The impact on businesses can include loss of data, reputational damage, regulatory penalties and higher insurance premiums.

Palo Alto Networks recently released a separate report, revealing that the frequency of cyber assaults on UK companies has surged, with attacks occurring on a monthly, weekly, and even daily basis for 76 per cent of respondents.

Amid the rise, regulatory pressure is mounting on companies, particularly in critical infrastructure sectors, to enhance their cyber security measures.

For example, the Product Security and Telecommunications Infrastructure (PSTI) Act is coming into force on 29 April. It will require manufacturers of internet-connected or ‘smart’ products to ensure they meet minimum security requirements, protecting consumers.

Source…

Rise of Zero-Day Vulnerabilities: Enterprise Software Now a Prime Target for Hackers With 64% YoY Surge


In the fast-paced world of cybersecurity, “zero-day” vulnerabilities loom as a formidable challenge for tech giants investing billions in enhancing user experiences. These vulnerabilities are mostly software flaws that developers fail to detect, leaving no immediate patches or fixes available to protect against potential exploitation. According to a recent report from Google’s Threat Analysis Group, the year 2023 witnessed a significant rise in the exploitation of zero-day vulnerabilities.

To be precise, the exploitation of zero-day vulnerabilities increased by a notable 56.5% YoY, from 62 in 2022 to 97 in 2023. However, this number fell short of the record set in 2021, when 106 zero-day vulnerabilities were observed being exploited.

The surge in vulnerability exploitation suggests that hackers are becoming more aggressive and adept at discovering and using vulnerabilities to launch cyberattacks.

As these vulnerabilities are exploited, Commercial Surveillance Vendors (CSVs) emerge as key players in the cyber threat ecosystem. In 2023, CSVs were responsible for 75% of known zero-day exploits targeting Google products and Android ecosystem devices, comprising 13 out of 17 vulnerabilities. These CSVs specialize in selling spyware capabilities to government clients for surveillance activities.

Out of the 37 zero-day vulnerabilities exploited in browsers and mobile devices in 2023, more than 60% were attributed to Commercial Surveillance Vendors (CSVs).

Attackers have also increased their efforts to exploit vulnerabilities within third-party components and libraries. This strategy was chosen because exploiting these vulnerabilities could potentially impact multiple products simultaneously.

Threat actors across various motivations actively sought out vulnerabilities in products or components that offered broad access to multiple targets, reflecting a scalable and effective approach to launching attacks.

It is important to note that there was a whopping 64% YoY increase in the number of vulnerabilities targeted by hackers in enterprise-specific technologies during 2023. This trend was further evidenced by the widening range of enterprise vendors targeted since at least 2019,…

Source…