Headlines

US Accused of Cyber Espionage Against China Amid Unaddressed PowerShell Gallery Vulnerabilities and Free Train Tickets Circulation


Cyberwarfare In Other News: US Hacking China, Unfixed PowerShell Gallery Flaws, Free Train Tickets

Overview

This weekly cybersecurity news roundup summarizes noteworthy stories that may have slipped under the radar during the week of August 14, 2023. The stories range from vulnerabilities in popular software to cyberespionage campaigns targeting foreign ministries. Highlights include the abuse of Zoom’s Zero Touch Provisioning, the MaginotDNS cache poisoning attack, unpatched vulnerabilities in PowerShell Gallery, and a phishing campaign targeting Zimbra users. Reports also suggest that the US may have hacked China, and LinkedIn accounts have been hijacked, possibly through compromised credentials or brute-force attacks. In addition, the Cuba ransomware group has targeted US critical infrastructure, and the White House has pushed federal agencies to ramp up their cybersecurity measures.

Zoom’s Zero Touch Provisioning Vulnerabilities

Researchers have discovered that Zoom’s Zero Touch Provisioning feature can be abused by attackers to remotely hack desk phones. This allows them to eavesdrop on phone calls, move laterally within corporate networks, or even build a botnet of compromised devices. Some of the vulnerabilities involved in this attack have only been partially fixed or remain unpatched. This highlights the importance of ensuring that all software and firmware in use is regularly updated and patched to mitigate the risk of such attacks.

MaginotDNS Cache Poisoning Attack

A new cache poisoning attack method targeting DNS servers has been described by researchers. Known as MaginotDNS, this attack leverages vulnerabilities in DNS software such as BIND and Microsoft DNS. These vulnerabilities can lead to unauthorized access to and manipulation of DNS responses, potentially compromising the security and integrity of network communications. It is critical that organizations apply patches and updates promptly to protect against such attacks.

Unfixed PowerShell Gallery Vulnerabilities

A series of vulnerabilities in PowerShell Gallery, the central repository for sharing PowerShell code, have been reported. These vulnerabilities can be exploited for typosquatting attacks and potentially allow supply chain attacks. Despite being reported to Microsoft by Aqua Security, the vulnerabilities remain unpatched. Organizations that utilize PowerShell Gallery and rely on its code should exercise caution and consider implementing additional security measures until patches are released.
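One concrete "additional security measure" for the typosquatting and supply-chain risk described above is to stop resolving modules loosely. The PowerShell function below is an added example written for this article; it is not code from the original post, from Aqua Security or from Microsoft, and the module name, version and signer subject in the usage line are placeholder assumptions. It resolves a module by exact name and pinned version, saves it to a scratch directory without importing it, refuses it unless every script file carries a valid Authenticode signature from the expected publisher, and returns SHA-256 hashes of the reviewed files for the audit trail.

```powershell
# Added example (not from the original article, Aqua Security or Microsoft):
# pin a PowerShell Gallery module by exact name and version, then verify the
# Authenticode signature of every script file before anything is installed.
# Module name, version and expected signer used in the usage line are placeholders.

function Test-PinnedGalleryModule {
    param(
        [Parameter(Mandatory)] [string] $Name,            # exact, expected module name
        [Parameter(Mandatory)] [string] $RequiredVersion, # pinned version, never "latest"
        [Parameter(Mandatory)] [string] $ExpectedSigner,  # substring of the signer certificate subject
        [string] $Repository = 'PSGallery'
    )

    # Exact name plus pinned version: a look-alike package with a different name is never resolved.
    $found = Find-Module -Name $Name -RequiredVersion $RequiredVersion -Repository $Repository -ErrorAction Stop
    if ($found.Name -ne $Name) {
        throw "Gallery returned '$($found.Name)' for requested '$Name'"
    }

    # Save (do not install) into a scratch directory so nothing is imported during review.
    $stage = Join-Path ([System.IO.Path]::GetTempPath()) ('psgallery-review-' + [guid]::NewGuid())
    New-Item -ItemType Directory -Path $stage | Out-Null
    Save-Module -Name $Name -RequiredVersion $RequiredVersion -Repository $Repository -Path $stage -ErrorAction Stop

    # Every script-like file must carry a valid signature from the expected publisher.
    $files = Get-ChildItem -Path $stage -Recurse -Include *.ps1, *.psm1, *.psd1
    $bad = foreach ($f in $files) {
        $sig = Get-AuthenticodeSignature -FilePath $f.FullName
        $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        if ($sig.Status -ne 'Valid' -or $subject -notlike "*$ExpectedSigner*") {
            [pscustomobject]@{ File = $f.FullName; Status = $sig.Status; Signer = $subject }
        }
    }

    if ($bad) {
        $bad | Format-Table -AutoSize | Out-String | Write-Warning
        throw "Module '$Name' $RequiredVersion failed signature review; not installed"
    }

    # Record exactly what was reviewed so the approval decision is auditable.
    Get-ChildItem -Path $stage -Recurse -File | Get-FileHash -Algorithm SHA256 |
        Select-Object Hash, Path
}

# Usage with placeholder values: review first, then install only the reviewed, pinned version.
# Test-PinnedGalleryModule -Name 'ExampleModule' -RequiredVersion '1.2.3' -ExpectedSigner 'CN=Example Publisher'
# Install-Module -Name 'ExampleModule' -RequiredVersion '1.2.3' -Repository PSGallery
```

Pinning the version and checking the signer closes the two gaps a typosquatted or hijacked package relies on (a near-miss name and an unreviewed "latest" release); the returned hash list can be stored next to the change record so a later re-install can be compared against what was originally approved.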

Exploiting Moovit Vulnerabilities

Researchers have discovered vulnerabilities in the products of Moovit, a mobility-as-a-service operator. These vulnerabilities could have allowed hackers to obtain free train tickets and access user information. Moovit has released patches to address the vulnerabilities, and customers are advised to apply these updates promptly. This serves as a reminder for all users to regularly check for updates and apply them to their software and devices to stay protected from potential exploits.

Russia-linked Attacks on NATO-aligned Ministries of Foreign Affairs

EclecticIQ has detailed a cyberespionage campaign linked to Russia, which targets Ministries of Foreign Affairs in NATO-aligned countries. The campaign leverages PDF files, supposedly originating from a German embassy, to deceive victims. This highlights the ongoing threat posed by state-sponsored cyber-espionage campaigns and the importance of strong cybersecurity measures, particularly in critical government institutions.

US Hacking China?

China claims to have discovered malware that it believes is part of a global cyber reconnaissance system used by US intelligence agencies. The malware was allegedly discovered during an investigation into a cyberattack targeting the Wuhan Earthquake Monitoring Center. The discovery raises questions about the role of cyberwarfare and intelligence gathering among nation-states. It also underscores the need for improving international cooperation and establishing norms of conduct in cyberspace.

LinkedIn Accounts Hacked

The news of many LinkedIn users having their accounts hijacked in recent months raises concerns about the security of online platforms and the protection of user data. The attackers’ goals remain uncertain, but it is possible that compromised credentials or brute-force attacks on weak passwords were used. This incident serves as a reminder for users to enable two-factor authentication and use strong, unique passwords to safeguard their online accounts.

Zimbra Users Targeted in Ongoing Phishing Campaign

ESET has uncovered an ongoing mass-spreading phishing campaign focused on stealing Zimbra account credentials. The attacks began in April 2023 and primarily affected users in Poland, with Ecuador and Italy also experiencing significant victim numbers. The attacks have not been attributed to any known threat actor. Users of Zimbra should remain vigilant to suspicious emails and exercise caution when entering their credentials, especially if prompted by unsolicited or suspicious communications.

Cuba Ransomware Targets US Critical Infrastructure

The Cuba ransomware group has targeted a US critical infrastructure organization and an IT integrator in Latin America. These attacks demonstrate a change in tactics by the threat actor, including the exploitation of a recent vulnerability in Veeam software. The use of sophisticated tools and off-the-shelf hacking utilities further emphasizes the need for robust cybersecurity measures in critical infrastructure sectors to defend against ransomware attacks.

The White House Pushes Federal Agencies to Ramp Up Cybersecurity

Following reports that many federal agencies failed to comply with cybersecurity practices outlined in President Joe Biden’s Executive Order on Improving the Nation’s Cybersecurity, the White House has ordered them to enhance their cybersecurity stance. National security adviser Jake Sullivan has instructed department officials to ensure full compliance by the end of the year. This directive underscores the ongoing need for improved cybersecurity measures at all levels of government and the importance of addressing vulnerabilities promptly.

Editorial

The latest cybersecurity news highlights the ever-present threats and challenges faced by individuals, organizations, and nations in the digital age. From vulnerabilities in popular software repositories to state-sponsored cyberespionage campaigns, it is evident that security breaches and attacks continue to pose significant risks.

Many of the reported vulnerabilities and attacks could have been prevented with timely patching and the implementation of robust security measures. It is crucial for individuals and organizations alike to stay vigilant by regularly updating software, applying patches promptly, and employing strong security practices such as multi-factor authentication and strong password management.

Furthermore, the news of alleged cyber reconnaissance activities between the US and China raises important questions about the ethics and norms of conduct in cyberspace. As cyberwarfare tactics continue to evolve, it becomes imperative for nations to engage in open dialogues and establish frameworks to mitigate the risks associated with such activities.

The directive from the White House for federal agencies to strengthen their cybersecurity stance is a step in the right direction. However, it is crucial for all entities, public and private, to adopt a proactive and comprehensive approach to cybersecurity. This includes regular risk assessments, employee training, and the development of incident response plans to ensure rapid and effective responses to security incidents.

Advice

In light of the recent cybersecurity news, individuals and organizations should consider the following advice:

1. Update and Patch Software

Regularly update software and firmware to ensure they have the latest security patches. This includes operating systems, applications, and IoT devices.

2. Implement Multi-Factor Authentication

Enable multi-factor authentication wherever possible, especially for critical accounts such as email and online banking. This adds an extra layer of security and helps protect against unauthorized access.

3. Use Strong, Unique Passwords

Create strong, unique passwords for each online account and consider using password management tools to securely store and generate passwords. Avoid reusing passwords across multiple accounts.

4. Enable Security Features

Utilize built-in security features such as firewalls, antivirus software, and encryption to enhance the protection of your devices and data.

5. Stay Informed

Stay up to date with the latest cybersecurity news and follow reliable sources for trustworthy information on emerging threats and best practices.

6. Practice Good Phishing Awareness

Be cautious of unsolicited emails, and avoid clicking on suspicious links or opening attachments from unknown senders. Verify the legitimacy of any request for personal or sensitive information before providing it.

7. Regularly Back Up Data

Regularly back up important data to protect against data loss in the event of a ransomware attack or other security incident. Keep backups disconnected from the network to prevent them from being compromised.

8. Train Employees on Security Best Practices

Provide employees with regular cybersecurity training and education to raise awareness of potential threats and teach best practices for maintaining a secure digital environment.

By following these recommendations, individuals and organizations can better protect themselves against the ever-evolving and growing threats in the cybersecurity landscape. It is vital to remain vigilant and prioritize the security of digital assets and information.

Photo by cottonbro studio.
The image is for illustrative purposes only and does not depict the actual situation.