nGuard

Call us p. 704.583.4088
Client PortalSpeak to An Expert

Cybersecurity Measures

TWiC: China Cyberattacks, ManageEngine Exploits, FBI Urges Barracuda Appliance Removal, Cyber Insurance

In this edition of This Week in Cybersecurity, we bring you a comprehensive overview of the latest developments and pressing concerns within cybersecurity. As threats continue to evolve, it is crucial to stay informed and prepared. Join us as we explore four pivotal topics that demand attention and action.

Hackers Exploit Barracuda Email Security Appliances: FBI Urges Immediate Removal

The FBI has issued a compelling alert urging the swift removal of compromised email security appliances manufactured by Barracuda Networks. This comes after Barracuda issued the same advice back in May, which was detailed in another nGuard Security Advisory. Despite patches designed to fix the exploited zero-day vulnerability (CVE-2023-2868), the FBI asserts that these patches have proven ineffective against suspected Chinese hackers. Organizations are strongly advised to remove all Barracuda Email Security Gateway (ESG) appliances promptly. This warning underscores the importance of vigilance and the evolving nature of cyber threats. To protect your organization from these attacks and stay informed of these new vulnerabilities as they are discovered, nGuard offers Vulnerability Scanning and Penetration Testing, along with Security Device Configuration Audit services that can help identify vulnerabilities, assess risks, and fortify your infrastructure against potential attacks.

Growing Concerns of Destructive Cyberattacks by China

Top U.S. cyber official, Jen Easterly, director of the U.S. Cybersecurity and Infrastructure Agency, has sounded an alarm about the potential for China to launch destructive cyberattacks on critical U.S. infrastructure in the event of escalated tensions. China’s hackers are reportedly positioning themselves for such actions, which represent a significant departure from their historical cyber espionage activities. nGuard has a wide range of experience helping organizations secure their critical infrastructure from Energy and Utilities, to Manufacturing, to Healthcare, to Government.

Cyber Insurance and the Nexus of Coverage and Protection

As cybersecurity evolves, the relationship between cybersecurity and insurance industries becomes increasingly intricate. Experts in the field gathered at the Def Con hacker conference to discuss the need for cyber insurance, its assessment, and its alignment with cybersecurity measures. Back in February, nGuard wrote about 5 new requirements that insurance companies need to issue policies. Security Awareness Training and Testing, Vulnerability Management, and 24/7/365 Monitoring were among the requirements listed. While cyber insurance offers financial protection, factors like calculating premiums and assessing risks are challenges that require attention. The role of cyber insurance as a motivator to enhance cybersecurity programs is emphasized, with a call to move quickly in preparing for potential cyberattacks.

Lazarus Hackers Exploit ManageEngine Vulnerability: New Threats Emerge

The North Korean state-backed Lazarus hacker group has capitalized on a critical ManageEngine ServiceDesk vulnerability (CVE-2022-47966) to compromise an internet backbone infrastructure provider and healthcare organizations. In early 2023, Lazarus exploited the flaw in multiple Zoho ManageEngine products to infiltrate a U.K. internet backbone provider, deploying the “QuiteRAT” malware and unveiling the newly discovered “CollectionRAT” remote access trojan (RAT). QuiteRAT, a potent malware discovered in February 2023, showcases enhanced capabilities compared to its predecessor, MagicRAT. CollectionRAT, linked to the “EarlyRAT” family and the Andariel subgroup, boasts sophisticated features, including on-the-fly code decryption using the Microsoft Foundation Class framework. Lazarus’ evolving tactics, employing open-source tools and frameworks, pose challenges for attribution and defense strategies. To safeguard against emerging threats, nGuard offers comprehensive Penetration Testing and Vulnerability Management services to assess vulnerabilities, enhance security, and mitigate risks.

The evolving nature of cyber threats demands taking proactive measures and forming strategic partnerships. As highlighted in the topics covered, cybersecurity is ever-changing where staying informed, prepared, and collaborating with experts is critical. At nGuard, we offer a suite of solutions designed to assist organizations in navigating this complex landscape. From incident response and vulnerability management to proactive security assessments, we are ready to enhance your security posture. The key to cybersecurity success lies in constant adaptation and continuous improvement.

Massive Data Breach Exposes Millions As MOVEit Vulnerability Exploited

In recent weeks, a major data breach caused by the exploitation of a vulnerability in the popular file transfer tool MOVEit, by Progress Software, has led to the compromise of sensitive personal information belonging to millions of individuals and a growing number of companies, universities, and government entities and agencies. This alarming breach has affected numerous organizations across various sectors, highlighting the urgent need for enhanced cybersecurity measures. In this Security Advisory nGuard will cover an overview of MOVEit, who is behind the attack, detail the extent of the damage caused by the vulnerability, and offer mitigation strategies to address the issue.
 
MOVEit and the Vulnerability:
MOVEit Transfer, developed by Progress Software, is an enterprise file transfer tool widely used by organizations for secure information exchange. Unfortunately, hackers have recently targeted a vulnerability within MOVEit, resulting in a series of data breaches. The attacks have been attributed to the Cl0p ransomware gang, a group that operates as a ransomware-as-a-service provider. Cl0p’s tactics include the exploitation of software vulnerabilities and employing double-extortion techniques, where stolen data is held hostage unless a ransom is paid.
The vulnerability in MOVEit Transfer allows hackers to gain unauthorized access to sensitive data during file transfers. By leveraging this vulnerability, the Cl0p gang has been able to infiltrate multiple organizations and compromise the security of their data.
There are multiple CVEs associated with the software:

Extent of the Breach and Affected Individuals and Organizations:
The impact from the MOVEit vulnerability has been far-reaching and has impacted a wide range of individuals and organizations. So far, more than 15.5 million individuals have been affected and the list of organizations is growing each day. The following is a list of some of the major organizations affected:

  • U.S. Department of Energy
  • Ernst & Young
  • Siemens Energy
  • Government of Nova Scotia
  • British Airways
  • Oregon Driver’s License Holders: Approximately 3.5 million individuals.
  • Louisiana Residents: Roughly 6 million individuals.
  • California Public Employees’ Retirement System (CalPERS) Members: About 770,000 individuals.
  • Genworth Finance Clients: Between 2.5 and 2.7 million individuals.
  • Wilton Reassurance Insurance Customers: Approximately 1.5 million individuals.
  • Tennessee Consolidated Retirement System Beneficiaries: More than 170,000 individuals.
  • Talcott Resolution Customers: Over half a million individuals.
  • National Student Clearinghouse: Potentially significant breach in terms of numbers, impacting numerous educational institutions across the United States.
  • U.S. Universities and Schools: Numerous universities have fallen victim to the breach including UCLA, University of Rochester, and Johns Hopkins.
  • U.S. Department of Health and Human Services (HHS): More than 100,000 individuals affected, according to congressional notifications.
  • Banks, Consultancy and Legal Firms, Energy Giants, and more: Cl0p’s leak site includes numerous additional victims.

The consequences extend beyond individuals, with several notable organizations falling victim to the breach. The University of California-Los Angeles (UCLA), which used MOVEit Transfer to transfer files across campus and to other entities, is among the victims. UCLA spokesperson Margery Grey confirmed the university’s collaboration with the FBI and external cybersecurity experts to investigate the matter. She also stated that impacted individuals have been notified.

Mitigating the Vulnerability:
Given the severity and widespread impact of the MOVEit vulnerability, it is crucial for organizations to take immediate steps to mitigate risks and protect their sensitive data. Here are some recommended strategies:

  1. Update and Patch: Promptly update MOVEit Transfer and apply the latest security patches released by Progress Software. Regularly checking for updates ensures that known vulnerabilities are addressed, significantly reducing the risk of exploitation.
  2. Conduct Regular Vulnerability Scanning: With nGuard Vulnerability Management, your organization’s Internet perimeter or internal networks are continuously tested for new vulnerabilities. This provides your organization an effective and timely way to manage your security posture on an ongoing basis.
  3. Conduct Regular Security Audits: Perform comprehensive security audits to identify potential vulnerabilities within your networks and file transfer systems. This includes conducting penetration tests and vulnerability assessments to proactively identify and address weak points.
  4. Implement Multifactor Authentication (MFA): Enforce MFA for accessing file transfer systems to enhance authentication security. Requiring additional verification methods such as biometrics or one-time passwords (OTP), or acceptance of push notifications the risk of unauthorized access is significantly reduced.
  5. Employee Awareness and Training: It is critical to promote a top-down approach to the culture of cybersecurity awareness among employees by providing regular training sessions on identifying and responding to threats. These training sessions should include ongoing social engineering assessments. Educate staff on best practices for securely sharing sensitive information.
  6. Incident Response Planning: Develop a robust incident response plan that outlines steps to be taken in the event of a data breach. This includes establishing clear lines of communication, involving relevant stakeholders, and implementing recovery procedures to minimize damage and downtime. nGuard has years of experience helping customers create thorough and detailed incident response plans and information security policies custom tailored to their environments, needs, and particular GRC requirements and security standards.
  7. Collect Proper Logs: Have a proper Security Information and Event Management (SIEM) tool that collects, analyzes and correlates security event data from various sources to detect and respond to potential cybersecurity threats. This helps organizations improve overall security posture by providing real-time monitoring, threat intelligence, and incident response capabilities.

The MOVEit vulnerability has led to a significant data breach affecting millions of individuals and numerous organizations across various sectors. As the list of victims continues to grow, it is crucial for organizations to take proactive steps to mitigate new vulnerabilities. By following the mitigation provided, organizations can fortify their defenses and safeguard sensitive information from malicious actors. The battle against cyber threats requires collective efforts and ongoing awareness to ensure integrity and security.

Chat Icon Chat Close

Learn how nGuard can secure your data

Ready to take the next step? Speak to an nGuard expert and get your questions answered today.

Chat Popup

No thanks, maybe later