A quick Saturday digest of cybersecurity news articles from other sources.
AA20-283A: APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations
Original release date: October 9, 2020
Summary
Note: the analysis in this joint cybersecurity advisory is ongoing, and the information provided should not be considered comprehensive. The Cybersecurity and Information Security Agency (CISA) will update this advisory as new information is available. This joint cybersecurity advisory was written by CISA with contributions from the Federal Bureau of Investigation (FBI).
CISA has recently observed advanced persistent threat (APT) actors exploiting multiple legacy vulnerabilities in combination with a newer privilege escalation vulnerability—CVE-2020-1472—in Windows Netlogon. The commonly used tactic, known as vulnerability chaining, exploits multiple vulnerabilities in the course of a single intrusion to compromise a network or application.
This recent malicious activity has often, but not exclusively, been directed at federal and state, local, tribal, and territorial (SLTT) government networks. Although it does not appear these targets are being selected because of their proximity to elections information, there may be some risk to elections information housed on government networks.
CISA is aware of some instances where this activity resulted in unauthorized access to elections support systems; however, CISA has no evidence to date that integrity of elections data has been compromised. There are steps that election officials, their supporting SLTT IT staff, and vendors can take to help defend against this malicious cyber activity.
After gaining initial access, the actors exploit CVE-2020-1472 to compromise all Active Directory (AD) identity services. Actors have then been observed using legitimate remote access tools, such as VPN and Remote Desktop Protocol (RDP), to access the environment with the compromised credentials. Observed activity targets multiple sectors, and is not limited to SLTT entities.
Click here for a PDF version of this report. Read full report online…
Infographic: Ransomware attacks by industry, continent, and more
Windows “Ping of Death” bug revealed – patch now!
No one has figured out how to run code with this bug yet – but if they do, you can bet that someone will turn it into a computer worm.
Microsoft on the counterattack! Trickbot malware network takes a hit
The crooks haven’t yet been caught and arrested, but their malware distribution network has been hit hard.
Could Microsoft be en route to dumping Windows in favor of Linux?
Microsoft Linux is the next evolution of the Microsoft desktop operating system, argues Jack Wallen. He explains why this would be a win-win for Microsoft, IT pros, users, and the Linux community.
Share
OCT
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com