Cybersecurity Digest #32: 23/08/2021 – 03/09/2021

Cybersecurity News

  • Researchers at Huntress Labs estimate that over the past few days about 2,000 Microsoft Exchange mail servers have been compromised and infected with backdoors because their owners have not installed the patches that fix the ProxyShell vulnerabilities.
  • An industrial energy management system made by Delta Electronics is affected by several vulnerabilities whose exploitation could have serious consequences in a real-world environment, according to the researcher who discovered the flaws. The existence of the vulnerabilities affecting Delta’s DIAEnergie product was disclosed by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and by the researcher who identified them, Michael Heinzl.
  • Cisco has addressed a near-maximum-severity authentication bypass vulnerability in its Enterprise NFV Infrastructure Software (NFVIS) for which public proof-of-concept (PoC) exploit code exists. The security flaw (tracked as CVE-2021-34746) was found in the TACACS+ authentication, authorization, and accounting (AAA) feature of Cisco’s Enterprise NFV Infrastructure Software, a solution designed to help virtualize network services for easier management of virtual network functions (VNFs).
  • Cybercriminals are making strides towards attacks with malware that can execute code from the graphics processing unit (GPU) of a compromised system. While the method is not new and demo code has been published before, projects so far came from the academic world or were incomplete and unrefined.
  • The cybersecurity researchers at the Swiss Higher Technical School of Zurich have recently identified a critical vulnerability that allows any threat actor to bypass PIN codes on contactless cards from Mastercard and Maestro.
  • China has issued draft guidelines on regulating the algorithms used by internet service providers to make recommendations to users. Service providers must abide by business ethics and principles of fairness and should not set up algorithm models that entice users to spend large amounts.

Cybersecurity Blog Posts

Research and Analytics

  • FortiGuard Labs has released its 2021 mid-year Global Threat Landscape Report. The first six months of 2021 saw a significant increase in the volume and sophistication of attacks targeting individuals, organizations, and, increasingly, critical infrastructure. The report highlights a tenfold increase in ransomware.
  • Radware, a leading provider of cyber security and application delivery solutions, announced results from its Q2 2021 DDoS Attack Report. The report revealed that blocked DDoS attack volumes in the second quarter were up more than 40% compared to the same period in 2020. The report provides an overview of DDoS attack trends by industry, as well as across applications and attack types.
  • Veracode has published Forrester’s report The Forrester Wave™: Software Composition Analysis, Q3 2021. The report details the essential elements of software composition analysis providers and ranks Software Composition Analysis (SCA) vendors based on their current offering, strategy, and market presence across 37 criteria, such as vulnerability identification, remediation, reporting, and software bill of materials.
  • H1 2021: Malware and Vulnerability Trends Report examines trends in malware use, distribution, and development, and high-risk vulnerabilities disclosed by major hardware and software vendors between January 1 and June 30, 2021. Data was assembled from the Recorded Future® Platform, open-source intelligence (OSINT), and public reporting on NVD data.
  • Cisco Talos researchers explain that, as proxyware has grown in popularity, attackers have taken notice and are now attempting to exploit this interest to monetize their malware campaigns. Adversaries are finding new ways to monetize their attacks by abusing internet-sharing, or “proxyware”, platforms such as Honeygain, Nanowire, and others.
  • A recent survey conducted by Honeywell sheds light on the OT cybersecurity challenges, concerns and priorities of surveyed facility managers in the United States, Germany and China across four sectors — education, healthcare, data centers and commercial real estate. The survey results from all countries and sectors found that more than 1 in 4 (27%) respondents have experienced a cyber breach of their OT systems in the last 12 months.
  • The Open Web Application Security Project’s (OWASP) Top 10 lists the 10 most visible and dangerous application security risks and threats.
  • Pentest-Report Mozilla VPN Apps & Clients 03.2021 describes the results of a security assessment targeting five Mozilla VPN Qt5 applications and clients, together with their corresponding codebase. Conducted by Cure53 as a penetration test and source code audit, the work took place in spring 2021.

Major Cyber Incidents

  • Autodesk has confirmed that it was also targeted by the Russian state hackers behind the large-scale SolarWinds Orion supply-chain attack, almost nine months after discovering that one of its servers was backdoored with Sunburst malware.
  • Personal data of 70 million AT&T customers is being sold by a hacker. The database allegedly contains gigabytes of AT&T customer information, including Social Security numbers, and the seller is asking for $1 million to take it down. The hacker, known as ShinyHunters, posted a sample list of names, addresses, and Social Security numbers that was verified to be accurate, and is offering the rest for sale to other hackers.
  • SAC Wireless, a US-based Nokia subsidiary, has disclosed a data breach following a ransomware attack in which Conti operators breached its network, stole data, and encrypted systems. A forensic investigation conducted with the help of external cyber security experts determined that personal information belonging to current and former employees (and their health plans’ dependents or beneficiaries) was also stolen during the ransomware attack on August 13.
  • The UpGuard Research team has revealed that over 1,000 web apps leaked more than 38 million records containing names, COVID-19 tracing information, and other personal data because their operators misconfigured the Microsoft Power Apps platform that was used to manage their software.
  • Bangkok Airways, a major airline company in Thailand, confirmed it was the victim of a cyberattack earlier this month that compromised personal data of passengers. The announcement came after the LockBit ransomware gang had posted a message on their leak site claiming the breach and threatening to publish stolen data unless the ransom was paid.
  • A US farm lost a whopping $9 million due to a temporary shutdown of its farming operations following a ransomware attack earlier this year, the FBI said this week. The incident, which took place in January 2021 after hackers gained access to the farm’s internal network through compromised admin credentials, is one of a series of examples the FBI included in a private security alert the agency sent on Wednesday to organizations in the US food and agriculture sector.
  • The hacker who is taking responsibility for breaking into T-Mobile US Inc.’s systems said the wireless company’s lax security eased his path into a cache of records with personal details on more than 50 million people and counting.