Cybersecurity

Security Awareness – Coronavirus-Themed Cyber Attack Campaigns At-a-Glance

As we have observed over the past month, there has been no shortage of coronavirus-themed cyber attack campaigns. Dare we say, the campaigns even parallel the pandemic spread of the actual virus. Coronavirus is the biggest news on the planet, and cyber attackers are not ones to pass up an opportunity, no matter how tragic. Multiple factors contribute to the volume of related scams, but the biggest common denominator is arguably end users. There are multiple attack tactics per day, too numerous to keep up with, that are taking advantage of vulnerable and distracted end users.

FBI Releases Guidance on Defending against VTC Hijacking and ZoomBombing

The FBI has released an article on defending against video-teleconferencing (VTC) hijacking, which, as WaterISAC noted in its Tuesday Security and Resilience Update, is referred to as “ZoomBombing” when the attacks target the Zoom platform. Many organizations and individuals are increasingly dependent on VTC platforms, such as Zoom and Microsoft Teams, to stay connected during the COVID-19 pandemic.

Coronavirus-Themed Destructive Wiper Malware

Malicious actors are leaving no technique unturned as they continue to predictably use every conceivable method to wage their coronavirus-themed attack campaigns. While the ploys are the same, the deluge of themed attacks is unprecedented. Therefore, it should come as no surprise that malware authors would eventually develop successful disk wiping malware designed around a coronavirus theme.

B&R Automation Studio (ICSA-20-093-01) – Product Used in the Energy Sector

CISA has published an advisory on improper privilege management, missing required cryptographic step, and path traversal vulnerabilities in B&R Automation Studio. Numerous versions of this product are affected. Successful exploitation of these vulnerabilities could allow an attacker to delete arbitrary files from this system, fetch arbitrary files, or perform arbitrary write operations. B&R recommends applying product updates or applying a series of workarounds until updates can be applied. CISA also recommends a series of measures to mitigate the vulnerabilities.

Cyber Actors Take Advantage of COVID-19 Pandemic to Exploit Increased Use of Virtual Environments

The FBI has published a public service announcement (PSA) indicating that it anticipates cyber actors will exploit increased use of virtual environments by government agencies, the private sector, and individuals as a result of the COVID-19 pandemic. In the PSA, the FBI states it has received more than 1,200 complaints related to COVID-19 scams and that cyber actors have engaged in phishing campaigns against first responders, launched DDoS attacks against government agencies, deployed ransomware at medical facilities, and created fake COVID-19 websites that quietly download malware.

Sodinokibi Ransomware Actors Adopt New Tactics

The FBI has published a Private Industry Notification (PIN) advising that Sodinokibi ransomware actors have adopted new tactics with the potential to increase the number of victims. According to the PIN, these new tactics include examining data in compromised accounts for information that could provide leverage for extortion and searching for unpatched vulnerabilities in VPN servers to facilitate deployment of malware. These tactics mimic those of several other ransomware groups, including the one behind Maze.

Security Awareness – Lock Down Virtual Meeting Platforms to Avoid "ZoomBombing"

ZoomBombing – it’s photo-bombing for virtual meetings. As countless citizens work and learn from home through virtual conferences, miscreants are trolling social media for open/public links to Zoom and other virtual meetings. There have been numerous reports of conferences being bombed with unsavory images and hate speech. Anyone publicly sharing virtual conference links on social media, such as Instagram/Twitter/Facebook, or on other mediums where they could be discovered by scoundrels, should change screensharing to “Host Only” before a call begins.

Stuxnet-Style Attacks Still Possible Against PLCs

Although Stuxnet was originally designed to target Siemens SIMATIC PLCs, researchers recently demonstrated that Stuxnet-style exploits could also affect similar products from other vendors. According to the report, researchers at Airbus CyberSecurity determined that a vulnerability in Schneider Electric’s Modicon M340 and M580 PLCs can be exploited to upload malicious code by replacing one of the DLL files associated with the engineering software. The attack targeted the controller via Schneider’s EcoStruxure Control Expert engineering software, formerly known as Unity Pro.

Mitsubishi Electric MELSEC (ICSA-20-091-02)

CISA has published an advisory on an uncontrolled resource consumption vulnerability in Mitsubishi Electric MELSEC. All versions of MELSEC’s iQ-R, iQ-F, Q, L, and F series are affected. Successful exploitation of this vulnerability may render the device unresponsive. Mitsubishi Electric recommends some measures to mitigate the vulnerability. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.

Hirschmann Automation and Control HiOS and HiSecOS Products (ICSA-20-091-01)

CISA has published an advisory on a classic buffer overflow vulnerability in Hirschmann Automation and Control HiOS and HiSecOS Products. The following devices using HiOS Version 07.0.02 and lower are affected: RSP, RSPE, RSPS, RSPL, MSP, EES, EES, EESX, GRS, OS, RED. The following devices using HiSecOS Version 03.2.00 and lower are affected: EAGLE20/30. Successful exploitation of this vulnerability could allow an unauthenticated, remote attacker to overflow a buffer and fully compromise the device.
