Cisco Uncovers New Zero-Day Exploit Amidst Decline in Hacked Devices

Malware & Threats: Cisco Finds Second Zero-Day as Number of Hacked Devices Apparently Drops

Introduction

In recent news, networking giant Cisco has discovered a second zero-day vulnerability that has been actively exploited in attacks. This discovery comes at a time when the number of hacked devices appears to be dropping. The critical flaw, tracked as CVE-2023-20198, affects the IOS XE web interface and allows remote, unauthenticated attackers to create high-privileged accounts on targeted Cisco devices. Additionally, Cisco has confirmed the exploitation of another zero-day vulnerability, tracked as CVE-2023-20273, which is used to deliver a Lua-based implant and execute arbitrary commands.

The Exploitation Process

The attackers first exploit CVE-2023-20198 to gain initial access and create a local user and password combination with normal user access. This allows them to log in and then exploit another component of the web UI feature to elevate their privileges to root and write the implant to the file system. It’s important to note that while the account created via CVE-2023-20198 is persistent, the implant is not, and it is removed when the device is rebooted. Cisco has released patches for both vulnerabilities and organizations must take additional actions to clean up their systems.
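Because the account created in the first step is persistent while the implant is not, a defender's simplest check is an audit of the running configuration for local privilege-15 accounts that are not in the operator's baseline, together with whether the web UI (the HTTP server feature) is enabled at all. The following is an added example, not Cisco's tooling or anything from the original article; the config excerpt and the `KNOWN_ADMINS` baseline are constructed assumptions.

```python
"""Audit an IOS XE running-config excerpt for two indicators tied to the
chain described above: an unexpected persistent local admin account and
an exposed web UI. Added example; the config text is constructed."""
import re
from dataclasses import dataclass, field

# Local admin accounts the operator legitimately created (assumed baseline).
KNOWN_ADMINS = {"netops"}

# 'username <name> privilege <n> ...' lines; users without an explicit
# privilege keyword default to level 1 and are not of interest here.
USERNAME_RE = re.compile(r"^username (\S+) privilege (\d+)", re.M)
# Matches 'ip http server' / 'ip http secure-server'; the '^' anchor means
# the negated 'no ip http ...' form does not match.
HTTP_RE = re.compile(r"^ip http (?:secure-)?server$", re.M)


@dataclass
class Findings:
    unexpected_priv15: list = field(default_factory=list)
    web_ui_enabled: bool = False


def audit_config(config: str, known_admins=KNOWN_ADMINS) -> Findings:
    """Return unknown privilege-15 users and whether the web UI is on."""
    f = Findings()
    for name, priv in USERNAME_RE.findall(config):
        # An unknown privilege-15 user survives a reboot; the implant does not,
        # so this is the artefact worth hunting for after the fact.
        if int(priv) == 15 and name not in known_admins:
            f.unexpected_priv15.append(name)
    f.web_ui_enabled = HTTP_RE.search(config) is not None
    return f


# Constructed sample: one legitimate admin, one unknown admin, web UI on.
SAMPLE_CONFIG = """\
hostname edge-rtr1
!
username netops privilege 15 secret 9 $9$PLACEHOLDER
username svc_backup privilege 15 secret 9 $9$PLACEHOLDER
!
ip http server
ip http secure-server
!
end
"""

if __name__ == "__main__":
    print(audit_config(SAMPLE_CONFIG))
```

Run it against the output of `show running-config` from each device; a non-empty `unexpected_priv15` list warrants investigation even on a device that has already been rebooted.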

The Decrease in Hacked Devices

Despite the discovery of these zero-day vulnerabilities, there is evidence to suggest that the number of hacked devices is dropping. Cybersecurity companies have been scanning the internet for compromised Cisco switches and routers and have identified a significant decrease in the number of infected devices. The Shadowserver Foundation found the backdoor on only 100 systems, whereas previously there were reports of more than 40,000 compromised devices. However, the CERT Orange Cyberdefense warns that there may still be many hacked devices that are not showing up in scans as the attackers may be actively trying to hide the implant.

Unknown Attackers and Motive

At this time, there is no information available regarding the identity of the attackers or their motive behind these attacks. The lack of attribution in cyberattacks is a common challenge faced by security experts. It remains a mystery whether these attacks are financially motivated, politically motivated, or part of a larger espionage campaign. The US cybersecurity agency CISA has released guidance for addressing the vulnerabilities and has added them to its Known Exploited Vulnerabilities Catalog, instructing federal agencies to immediately address them.

Editorial: The Importance of Internet Security

This recent discovery of zero-day vulnerabilities in Cisco devices is a stark reminder of the ongoing threat posed by cybercriminals. It demonstrates the constant need for organizations and individuals to prioritize internet security and stay vigilant against potential threats. As technology continues to advance and more devices are connected to the internet, the attack surface for malicious actors also grows. It is crucial for both individuals and businesses to invest in robust cybersecurity measures, including regular software updates, strong passwords, and employee education.

Internet Security: A Shared Responsibility

Internet security is a shared responsibility that extends beyond individual users and organizations. Governments and regulatory bodies play a crucial role in enforcing cybersecurity standards and holding technology companies accountable for the security of their products. Collaboration between public and private sectors is essential to detect and mitigate vulnerabilities, share threat intelligence, and ensure the overall resilience of critical infrastructure.

Advice: Protecting Against Zero-Day Vulnerabilities

While zero-day vulnerabilities can be challenging to defend against due to their unknown nature, there are steps that individuals and organizations can take to reduce their risk:

Stay Up to Date with Patches

Regularly update devices and software with the latest patches and security updates. Manufacturers and vendors release patches to address identified vulnerabilities, and failing to apply these updates leaves systems exposed to known risks.

Implement Defense-in-Depth Strategies

Adopt multiple layers of security to strengthen overall defenses. This includes using firewalls, intrusion detection systems, and network segmentation to prevent unauthorized access and limit the potential impact of an attack.

Invest in Threat Intelligence

Subscribing to threat intelligence services can provide timely information on emerging threats and vulnerabilities. This enables organizations to proactively identify and address potential risks before they can be exploited by threat actors.

Train Employees on Cybersecurity Best Practices

Human error remains a significant factor in successful cyberattacks. Regularly train employees on identifying phishing attempts, using strong passwords, and following proper security protocols to minimize the risk of falling victim to social engineering tactics.

Engage in Vulnerability Testing and Penetration Testing

Regularly conduct vulnerability testing and penetration testing to identify potential weaknesses in systems and networks. This allows organizations to address vulnerabilities before they are exploited by attackers.

Conclusion

The discovery of these zero-day vulnerabilities in Cisco devices serves as a reminder of the ever-evolving threat landscape. It highlights the importance of proactive security measures and collaboration between all stakeholders in order to safeguard against cyberattacks. As technology continues to advance, it is imperative for individuals, organizations, and governments to prioritize internet security to protect against the growing sophistication of cyber threats.
