Public exposure doesn’t deter this attacker, and more
Welcome to Cyber Security Today. It’s Wednesday, August 23rd, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
Public exposure several months ago of an intelligence-gathering threat actor hasn’t stopped their efforts. According to researchers at Lumen, whoever is deploying what they call the Hiatus remote access trojan wasn’t deterred much after the company reported in May on their complex campaign to infect edge network routers in Europe and Latin America. The next month the unnamed attacker recompiled their trojan, set up new servers and went after a U.S. Defense Department server used for submitting contract proposals as well as organizations in Taiwan. There’s suspicion the threat actor is linked to China and is looking to gather information. The attacker downloaded 11 MB of data from the compromised military server. The report emphasizes the importance of hardening edge network devices. This includes protecting these devices by only allowing access through VPNs.
Attention administrators with Ivanti Sentry or MobileIron Sentry in your environments for protecting access for mobile devices. There’s a serious vulnerability in the suite that could allow an attacker to bypass authentication. If you don’t expose the System Management Portal to the internet you’re OK. But if you do, the latest RPM script has to be installed. Note that unsupported versions of Sentry cannot be patched.
Attention administrators who have VPNs from Cisco Systems to protect network access: There are reports that attackers deploying the Akira strain of ransomware are targeting users of Cisco VPNs who haven’t enabled multifactor authentication for extra login protection. An incident responder told Bleeping Computer they investigated several attacks at organizations that were hit this way. A security vendor has also seen similar evidence. IT administrators who use any brand of VPN should ensure all users enable multifactor authentication for extra protection because VPNs are increasingly being targeted by threat actors.
Mischief-makers believed to be tied to Russia spread misinformation on social media to influence conversations around last month’s NATO conference in Lithuania. According to the news site Graphika, that included distributing documents purportedly hacked from the Lithuanian government, and seeding false claims about NATO’s spending and involvement in French domestic affairs. It appears they had little effect.
Finally, security pros know that every device that has WiFi or Bluetooth capability is a risk both in the organization and at home. The latest example comes from university researchers in Italy and England who found vulnerabilities in TP-Link’s Tapo smart bulbs and app. The lesson: If your business doesn’t need a WiFi-controlled light bulb — or coffee maker, or pencil sharpener — don’t allow it unless you’re sure it meets cybersecurity standards such as encryption and the ability to get security updates. The same thing at home with WiFi bulbs, toothbrushes and toys.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.