Since the online world is vulnerable to myriad security threats, organizations need to stay abreast of the latest cybersecurity updates to better protect their information systems. The following are the top headlines this week to keep you updated on the most recent cyber developments.

CISA Reports Two Critical Flaws in Zabbix

The United States Cybersecurity and Infrastructure Security Agency (CISA) has recently added two new critical flaws to its Known Exploited Vulnerabilities Catalog. These vulnerabilities were found in the Zabbix enterprise monitoring solution. The two vulnerabilities, tracked as CVE-2022-23131 and CVE-2022-23134, could be used to gain administrator privileges by evading authentication. Having gained admin access, adversaries could quickly execute arbitrary commands.

Organizations use the open-source monitoring platform Zabbix to collect and centralize data within their network. The two vulnerabilities in Zabbix were first discovered by cybersecurity experts at SonarSource. While no instances suggest the exploitation of these vulnerabilities, public proof-of-concept (POC) exploits do exist. SonarSource also reported that Zabbix is a popular target for threat actors and that an anonymous exploit acquisition company seems to be interested in Zabbix.

The vulnerabilities affect all Zabbix versions before 5.4.8, 5.0.18, and 4.0.36. However, these vulnerabilities were eventually patched in Zabbix Web Frontend 6.0.0beta2, 5.4.9, 5.0.19, and 4.0.37 versions. CISA recommends all users update to the latest Zabbix Web Frontend version to ensure ransomware protection.

 

Massive Increase in Social Media Attacks on Financial Sector

Ever since the Covid-19 pandemic began, cyberattacks have surged massively. In its Quarterly Threat Trends & Intelligence Report, PhishLabs reported that social media threats doubled in 2021. The report mentioned that there had been a 103% surge in social media attacks from January to December 2021. On average, organizations experienced 68 attacks per month by year-end. The PhishLabs report provided a detailed analysis of the impacts of social media threats on the financial sector. Some of the most important findings include:

  • While social media attacks targeting financial institutions were 33.8% in Q1, they increased to 61.3% in Q4.
  • From Q1 to Q4, there has been a 554% surge in hybrid vishing attacks via email.
  • Reportedly, the phishing attacks targeting the financial sector (banking, payment services, credit unions, and other business industries) have increased by 27.5% from Q1 to Q4 2021.
  • In Q4, banking and payment services were targeted the most by attacks, with an attack percentage of 38.1% and 12.7%, respectively.

The attacks on the financial sector represented 82.7% of dark web activities in 2021. Thus, the industry was one of the primary targets of phishing attacks. These findings call for stricter layers of defense against cybersecurity threats.

 

Call For Employers to Strengthen Endpoint Ecosystem

A recent study by Mobile Mentor reports that 36% of employees try to find ways to avoid dealing with security policies, and 72% of employees prioritize their privacy over the company’s cybersecurity. These shocking statistics reflect why employers find it extremely difficult to eliminate human error from their cybersecurity picture. The study further highlights the grey areas of organizational security, including a lack of password hygiene and inefficient onboarding of new employees.

In particular, the report looks at the endpoint ecosystem (all applications, devices, and tools employees use in their organizations) to understand employees’ perception of productivity, privacy, and personal well-being in the current workplace. With the ongoing culture of working remotely and the Great Resignation as an addition, employers are still figuring out ways of supporting their employees. Along with several other significant findings, the study concluded that employers need to prioritize each component in the endpoint ecosystem to ensure the company’s email security.

 

Beware of Malicious Microsoft Teams Attachments

Microsoft Teams is a popular option for remote working and has over 270 million monthly active users. Recently, however, adversaries have frequently used the platform to target users by attaching malicious executables to conversations. Cybersecurity experts at Avanan have spotted thousands of such attacks since January in which adversaries compromise a user account and use it to send malicious executable files to participants. Opening these messages installs DLL files on the user’s device and creates a shortcut link instructing the device to self-administer.

Since Microsoft Teams is one of the most common platforms used for official meetings today, securing it against such attack vectors is crucial. Therefore, it is recommended that users implement additional layers of security, such as verifying the authenticity of files in a sandbox before downloading them. Further, organizations should train employees to report suspicious files and use email gateway security applications.

 

US DoJ to Sentence a Malware Selling Businessman

The US Department of Justice (DoJ) recently arrested a Mexico-based businessman for selling and using malware and surveillance tools in the United States and Mexico. The accused, Carlos Guerrero (48), is a resident of Chula Vista, California, and confessed to using and selling hacking tools manufactured by Italy- and Israel-based private companies. Guerrero appeared in a San Diego federal court, where he was accused of owning multiple companies in Mexico and the US that operated as sales brokers for surveillance and interception tools.

Reportedly, Guerrero’s firms worked with Mexican government clientele as well as private and commercial customers. Guerrero’s earliest association with such illegal activities dates back to 2014-15, when he worked with an Italian company creating hacking and location tracking devices. Eventually, he expanded his business and worked with surveillance software developers in Israel and other areas. Guerrero has helped shape many surveillance crimes. For instance, he was once a facilitator to a Mexican mayor who hacked his opponent’s Hotmail, iCloud, and Twitter accounts. While this hardcore cybercriminal awaits his sentence, it is a given that he shall face a penalty of up to five years with a fine of $250,000.

 

Cybersecurity Best Practices According to ENISA and CERT-EU

In the interest of EU-based private and public organizations, the European Union Agency for Cybersecurity (ENISA) and CERT-EU have released a set of cybersecurity best practices. A report by ENISA identifies three significant factors behind cyberattacks on private and public organizations in the EU: ransomware attacks, monetization of cybercrime and related malicious activities, and attacks on critical infrastructure. ENISA’s 2021 Annual Threat Landscape report analyses these three threat factors in detail.

In addition, CERT-EU reported in its Threat Landscape Report Volume 1 that APTs against the EU institutions, bodies, and agencies (EUIBAs) increased by 60% in 2020. This figure further increased by 30% in 2021. With such alarming rates of attacks, ENISA and CERT-EU recommend that private and public organizations follow at least some basic cybersecurity practices.
