Information Security News – 12/23/2024


CISA Orders Federal Agencies to Secure Microsoft 365 Tenants

Article Link: https://www.bleepingcomputer.com/news/security/cisa-orders-federal-agencies-to-secure-microsoft-365-tenants/amp/

  • The Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 25-01, which requires federal civilian agencies to harden the configuration of their Microsoft 365 cloud tenants.
  • The directive requires agencies to identify all of their cloud tenants, deploy CISA’s automated assessment tools, integrate with CISA’s continuous monitoring, and remediate deviations from the required secure configuration baselines within set timeframes to prevent unauthorized access and data breaches.
  • Prompted by recent cyber incidents that exploited cloud misconfigurations, the directive aims to strengthen the defenses of federal networks and protect sensitive government data.
  • Agencies should promptly inventory their cloud tenants, run the required assessment tools, and align their tenant configurations with CISA’s Secure Cloud Business Applications (SCuBA) baselines to mitigate risk.
  • CISA tool: https://www.cisa.gov/resources-tools/services/secure-cloud-business-applications-scuba-project
  • ScubaGear: https://github.com/cisagov/ScubaGear

Hackers Using New IoT/OT Malware IOCONTROL To Control IP Cameras, Routers, PLCs, HMIs And Firewalls

Article Link: https://gbhackers.com/iocontrol-iot-attack/

  • The Iranian-backed group CyberAv3ngers has deployed custom malware named IOCONTROL that targets Internet of Things (IoT) and Operational Technology (OT) devices, including IP cameras, routers, Programmable Logic Controllers (PLCs), Human-Machine Interfaces (HMIs), and firewalls.
  • IOCONTROL exploits vulnerabilities in these devices, then communicates with its command-and-control server over MQ Telemetry Transport (MQTT) and resolves that server’s address with DNS over HTTPS (DoH), which lets attackers control systems and maintain access while blending in with legitimate traffic and evading detection.
  • Attacks have hit critical infrastructure in Israel and the U.S., including fuel systems and water facilities; more than 200 gas stations were affected, disrupting operations and demonstrating the growing threat from nation-state actors targeting essential services.
  • Regularly update device firmware, monitor networks for anomalous behavior (such as OT devices making outbound MQTT or DoH connections), and use strong authentication and encryption to protect against such threats.
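The monitoring advice above is easier to act on with a concrete rule. The following is an added example, not code from the original article or from the researchers who analyzed IOCONTROL: a small Python detector that reads simplified, constructed connection records (Zeek-style tab-separated fields, including the TLS server name) and flags OT-segment devices that talk MQTT to a broker outside an allowlist, connect to a public DNS-over-HTTPS resolver, or reach outside the corporate address space at all. The OT subnet, the corporate ranges, and the approved broker address are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import namedtuple

# Assumptions for the example: the OT network, the corporate ranges, and the one
# MQTT broker (an internal SCADA historian) that OT devices are allowed to use.
OT_NETWORK = ipaddress.ip_network("10.20.0.0/16")
CORPORATE_NETWORKS = [ipaddress.ip_network("10.0.0.0/8"),
                      ipaddress.ip_network("192.168.0.0/16")]
ALLOWED_MQTT_BROKERS = {"10.20.1.5"}
MQTT_PORTS = {1883, 8883}                      # plain and TLS MQTT
# Public DoH resolvers; an OT device has no business asking these for names.
DOH_SERVER_NAMES = {"dns.google", "cloudflare-dns.com", "dns.quad9.net"}

Flow = namedtuple("Flow", "ts src dst dport proto sni")

# Constructed sample records: ts, src, dst, dport, proto, TLS server name ("-" if none).
SAMPLE_FLOWS = """\
# ts\tsrc\tdst\tdport\tproto\tsni
2024-12-18T02:14:07Z\t10.20.3.14\t10.20.1.5\t1883\ttcp\t-
2024-12-18T02:14:09Z\t10.20.3.14\t8.8.8.8\t443\ttcp\tdns.google
2024-12-18T02:14:10Z\t10.20.3.14\t203.0.113.45\t8883\ttcp\t-
2024-12-18T02:15:00Z\t10.20.7.2\t10.20.1.5\t1883\ttcp\t-
2024-12-18T02:15:30Z\t10.20.7.2\t198.51.100.9\t443\ttcp\tupdates.example.com
2024-12-18T02:16:00Z\t192.168.50.10\t1.1.1.1\t443\ttcp\tcloudflare-dns.com
"""


def parse_flows(text):
    """Parse the tab-separated records; skip comment and blank lines."""
    flows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, dst, dport, proto, sni = line.split("\t")
        flows.append(Flow(ts, src, dst, int(dport), proto, None if sni == "-" else sni))
    return flows


def is_corporate(addr):
    return any(addr in net for net in CORPORATE_NETWORKS)


def classify(flow):
    """Return a finding name for a suspicious OT flow, or None if it looks normal."""
    src = ipaddress.ip_address(flow.src)
    if src not in OT_NETWORK:
        return None                              # only OT-segment sources are in scope
    dst = ipaddress.ip_address(flow.dst)
    if flow.dport in MQTT_PORTS and flow.dst not in ALLOWED_MQTT_BROKERS:
        return "mqtt_to_unapproved_broker"       # MQTT to an unknown broker: C2-style traffic
    if flow.dport == 443 and flow.sni in DOH_SERVER_NAMES:
        return "doh_from_ot_device"              # name resolution hidden inside TLS
    if not is_corporate(dst):
        return "ot_device_to_internet"           # OT devices should not leave the corporate ranges
    return None


def find_suspicious(flows):
    """Return (flow, reason) pairs for every flow that trips a rule."""
    findings = []
    for flow in flows:
        reason = classify(flow)
        if reason:
            findings.append((flow, reason))
    return findings


if __name__ == "__main__":
    for flow, reason in find_suspicious(parse_flows(SAMPLE_FLOWS)):
        print(f"{flow.ts} {flow.src} -> {flow.dst}:{flow.dport} {reason}")
```

The rules are ordered so that the most specific finding wins: MQTT to an unapproved broker is reported even when the broker sits inside the corporate ranges, and the generic "OT device reached outside the corporate ranges" rule only fires when nothing more specific matched. In production the allowlist would come from the asset inventory rather than a constant.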

U.S. Reportedly Mulls TP-Link Router Ban Over National Security Risk

Article Link: https://www.theregister.com/2024/12/18/us_govt_probes_tplink_routers/

  • U.S. authorities are investigating TP-Link, a Chinese manufacturer of home and small business routers, over national security concerns.
  • The probes focus on potential security risks, including allegations that TP-Link’s devices have been exploited in cyberattacks linked to Chinese entities.
  • TP-Link holds about 65% of the U.S. router market, and its devices are used by federal agencies, amplifying concerns about the potential for widespread security vulnerabilities.
  • Users are advised to update their router firmware regularly, change default passwords, and monitor network activity to augment security.

Cleo Vulnerability Attacks Claimed by Clop Ransomware Gang

Article Link: https://www.scworld.com/news/cleo-vulnerability-attacks-claimed-by-clop-ransomware-gang

  • The Clop ransomware group has exploited critical vulnerabilities in Cleo’s managed file transfer products, Harmony, VLTrader, and LexiCom, breaching at least 10 organizations. These platforms, commonly used for secure data exchange, became entry points into business systems.
  • Clop first targeted an unpatched vulnerability (CVE-2024-50623) and then escalated the campaign by exploiting a second flaw (CVE-2024-55956) that allows unauthenticated remote code execution; the post-exploitation malware deployed through it has been dubbed “Malichus.”
  • Clop, notorious for the 2023 MOVEit Transfer attacks that compromised nearly 2,800 organizations, continues to target file transfer and supply chain platforms, with Cleo as its current focus.
  • Organizations using Cleo products should promptly update to version 5.8.0.24, remove the software from public internet exposure, disable the Autorun directory feature, and monitor vendor security advisories to minimize risk.

Fortinet Patches Critical FortiWLM Vulnerability

Article Link: https://www.securityweek.com/fortinet-patches-critical-fortiwlm-vulnerability/

  • Fortinet has released patches for a critical vulnerability (CVE-2023-34990) in its Wireless Manager (FortiWLM) software, which could allow unauthenticated attackers to execute arbitrary code.
  • The flaw is a relative path traversal issue that enables remote attackers to read sensitive files, potentially leading to code execution. It affects FortiWLM versions 8.5.0 through 8.5.4 and 8.6.0 through 8.6.5.
  • Exploitation of this flaw could lead to serious risks for organizations, including unauthorized access and control over wireless network management systems.
  • Organizations using FortiWLM should update to versions 8.5.5 or 8.6.6 immediately and continue monitoring for security advisories to stay protected.
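FortiWLM’s bug is a relative path traversal, a class worth seeing concretely. The snippet below is an added generic illustration in Python, not FortiWLM code and not a reproduction of the exploit: a file-serving helper in its vulnerable form (a client-controlled name joined onto a base directory) next to a hardened form that decodes the name, rejects absolute paths and NUL bytes, resolves symlinks, and confines the result to the base directory. The demo directory tree and file names are constructed for the example.

```python
import os
import tempfile
from urllib.parse import unquote


def vulnerable_resolve(base_dir, requested):
    """BEFORE: joins the client-supplied name onto base_dir with no check.
    "../x" walks out of base_dir, and an absolute name discards base_dir entirely."""
    return os.path.join(base_dir, requested)


def safe_resolve(base_dir, requested):
    """AFTER: return the resolved path only if it stays inside base_dir, else raise ValueError."""
    name = unquote(unquote(requested))      # double-decode defeats %252e%252e-style evasion
    if not name or "\x00" in name or os.path.isabs(name):
        raise ValueError(f"rejected path: {requested!r}")
    base_real = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks, so a symlink inside base_dir
    # that points outside is caught by the containment check below.
    target = os.path.realpath(os.path.join(base_real, name))
    if os.path.commonpath([base_real, target]) != base_real:
        raise ValueError(f"path traversal attempt: {requested!r}")
    return target


def serve_file(base_dir, requested, resolver):
    """Read the file a client asked for, using the given resolver."""
    with open(resolver(base_dir, requested), "rb") as fh:
        return fh.read()


def is_blocked(base_dir, requested):
    """True if the hardened resolver refuses the request."""
    try:
        safe_resolve(base_dir, requested)
        return False
    except ValueError:
        return True


def build_demo_tree():
    """Constructed layout: <root>/images/logo.png is public, <root>/secret.conf is not."""
    root = tempfile.mkdtemp()
    images = os.path.join(root, "images")
    os.mkdir(images)
    with open(os.path.join(images, "logo.png"), "wb") as fh:
        fh.write(b"PNG-DATA")
    with open(os.path.join(root, "secret.conf"), "wb") as fh:
        fh.write(b"admin:hunter2")
    return root, images


if __name__ == "__main__":
    root, images = build_demo_tree()
    print(serve_file(images, "../secret.conf", vulnerable_resolve))  # leaks the secret
    print(is_blocked(images, "../secret.conf"))                      # True
```

The containment check compares canonical paths, not strings, which is what defeats the usual bypasses (mixed encodings, "images/../../", symlinks). A denylist of "../" substrings would not.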

Ukrainian Raccoon Infostealer Operator Sentenced to Prison in U.S.

Article Link: https://www.securityweek.com/ukrainian-raccoon-infostealer-operator-sentenced-to-prison-in-us/

  • Ukrainian national Mark Sokolovsky, age 28, has been sentenced to 60 months in a U.S. prison for operating the Raccoon Infostealer malware service.
  • Sokolovsky offered Raccoon Infostealer as a subscription service, charging approximately $200 per month in cryptocurrency. Subscribers used the malware to steal personal and financial data from victims’ computers, which was then used for fraud or sold on cybercrime forums.
  • Raccoon Infostealer infected millions of computers worldwide, causing extensive financial losses and privacy breaches. The FBI dismantled its infrastructure in 2022, recovering over 50 million unique credentials and forms of identification.
  • Individuals are advised to remain cautious of phishing attempts, update software regularly, and use unique passwords to protect against this malware. The FBI has set up a website where users can check if their email addresses were compromised.
  • FBI tool: https://raccoon.ic3.gov

New APIs Discovered by Attackers in Just 29 Seconds

Article Link: https://www.infosecurity-magazine.com/news/new-apis-discovered-attackers-29/

  • A Wallarm report, “Gone in 29 Seconds: The World’s First API Honeypot” (November 2024), reveals attackers can identify new APIs within 29 seconds, based on a 20-day study using an API honeypot.
  • The findings indicate that many of these APIs lack adequate protection and use predictable endpoints like “/status” or “/metrics,” making them easy targets for attackers seeking to exploit them.
  • Some industry reports suggest APIs have become more attractive targets than traditional web applications, with API traffic now accounting for over 54% of total web requests. Attackers can launch high-frequency attacks at minimal cost and potentially exfiltrate millions of records in minutes.
  • Avoid common names for public API endpoints and prefer less predictable identifiers, but treat that only as a delay tactic: attackers enumerate endpoints by brute force, so every endpoint, including “/status” and “/metrics”, still needs authentication, rate limiting, and monitoring for suspicious activity.
  • Report: https://www.businesswire.com/news/home/20241217558523/en/Wallarm-Releases-Worlds-First-API-Honeypot-Report-Highlighting-API-Attack-Trends
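The honeypot result suggests what to look for in your own logs. Below is an added example, not Wallarm’s code or tooling: a Python script that parses constructed web-server access log lines in the common combined format and flags any source that probes several well-known discovery paths within a short window, which is the fingerprint of an attacker enumerating an API. The discovery path list, the window, and the threshold are assumptions to tune per environment; the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Combined log format: ip ident user [ts] "METHOD path proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Assumed list of paths that scanners try first; extend with your own framework's defaults.
DISCOVERY_PATHS = {"/status", "/metrics", "/health", "/healthz", "/swagger.json",
                   "/openapi.json", "/api-docs", "/actuator", "/.env", "/graphql",
                   "/api/v1", "/admin"}
WINDOW_SECONDS = 60      # assumed: probes within this window count together
THRESHOLD = 4            # assumed: distinct discovery paths needed to flag a source

# Constructed sample log: one scanner (203.0.113.77) and one legitimate client plus
# an uptime monitor (198.51.100.5) that hits a single discovery path repeatedly.
SAMPLE_LOG = """\
203.0.113.77 - - [18/Dec/2024:10:00:01 +0000] "GET /status HTTP/1.1" 404 153 "-" "python-requests/2.31"
203.0.113.77 - - [18/Dec/2024:10:00:02 +0000] "GET /metrics HTTP/1.1" 404 153 "-" "python-requests/2.31"
203.0.113.77 - - [18/Dec/2024:10:00:03 +0000] "GET /swagger.json HTTP/1.1" 404 153 "-" "python-requests/2.31"
198.51.100.5 - - [18/Dec/2024:10:00:04 +0000] "GET /api/v1/orders?id=42 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.77 - - [18/Dec/2024:10:00:05 +0000] "GET /.env HTTP/1.1" 404 153 "-" "python-requests/2.31"
203.0.113.77 - - [18/Dec/2024:10:00:07 +0000] "GET /api/v1/ HTTP/1.1" 200 87 "-" "python-requests/2.31"
198.51.100.5 - - [18/Dec/2024:10:05:00 +0000] "GET /health HTTP/1.1" 200 15 "-" "uptime-monitor/1.0"
198.51.100.5 - - [18/Dec/2024:10:10:00 +0000] "GET /health HTTP/1.1" 200 15 "-" "uptime-monitor/1.0"
"""


def parse_line(line):
    """Return a dict with ip, ts, path (query string and trailing slash removed), status; None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    path = m["path"].split("?", 1)[0].rstrip("/") or "/"
    return {"ip": m["ip"], "ts": ts, "path": path, "status": int(m["status"])}


def find_enumerators(lines):
    """Map source IP -> sorted discovery paths it probed, for sources that exceed THRESHOLD
    distinct discovery paths inside any WINDOW_SECONDS window."""
    probes = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["path"] in DISCOVERY_PATHS:
            probes[rec["ip"]].append((rec["ts"], rec["path"]))

    flagged = {}
    for ip, events in probes.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            # distinct paths probed in the window that opens at this event
            paths = {p for t, p in events[i:] if (t - start).total_seconds() <= WINDOW_SECONDS}
            if len(paths) >= THRESHOLD:
                flagged[ip] = sorted(paths)
                break
    return flagged


if __name__ == "__main__":
    for ip, paths in find_enumerators(SAMPLE_LOG.splitlines()).items():
        print(f"{ip} enumerated {len(paths)} discovery paths: {', '.join(paths)}")
```

Counting distinct paths rather than requests is what keeps the uptime monitor out of the alert: it hits “/health” many times but never walks the list. A 404 ratio per source is a useful second signal once the endpoint list is tuned.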

Breaking Up with Your Password: Why It’s Time to Move On

Article Link: https://www.cyberdefensemagazine.com/breaking-up-with-your-password-why-its-time-to-move-on/

  • Over 1 billion users were impacted by data breaches in the first half of 2024, a 409% increase over the same period in 2023, according to Cyber Defense Magazine.
  • Weak and reused passwords were a primary avenue for attackers, and even complex passwords can fall short, leaving sensitive user data exposed.
  • The dramatic rise in breaches demonstrates that traditional passwords alone are no longer effective against evolving threats.
  • Moving to modern methods such as biometric and multi-factor authentication can protect organizations and individuals, prevent costly compromises, and provide a stronger foundation for digital security.

A Look Back: The Evolution of Latin American eCrime Malware in 2024

Article Link: https://www.crowdstrike.com/en-us/blog/latam-ecrime-malware-evolution-2024/

  • Latin American cybercriminals are leveling up their game, enhancing malware like Mispadu, Kiron, and Astaroth to outsmart defenses and expand their reach.
  • They are adopting modern programming languages like Rust to make their malware more elusive and harder to analyze, while still relying on proven methods such as multi-stage infection chains, malicious spam, and phishing sites that predominantly target Spanish and Portuguese speakers.
  • This evolution shows a blend of old-school tactics with new tech, making these cyber threats more sophisticated and challenging to detect, driven by a collaborative underground network constantly refining their strategies to stay ahead.
  • To counter these evolving threats, organizations should adopt advanced security measures, monitor for the latest attack vectors, and educate users on recognizing phishing attempts and suspicious activity.

