nGuard

Call us p. 704.583.4088
Client PortalSpeak to An Expert

Risk assessment

TWiC: China Cyberattacks, ManageEngine Exploits, FBI Urges Barracuda Appliance Removal, Cyber Insurance

In this edition of This Week in Cybersecurity, we bring you a comprehensive overview of the latest developments and pressing concerns within cybersecurity. As threats continue to evolve, it is crucial to stay informed and prepared. Join us as we explore four pivotal topics that demand attention and action.

Hackers Exploit Barracuda Email Security Appliances: FBI Urges Immediate Removal

The FBI has issued a compelling alert urging the swift removal of compromised email security appliances manufactured by Barracuda Networks. This comes after Barracuda issued the same advice back in May, which was detailed in another nGuard Security Advisory. Despite patches designed to fix the exploited zero-day vulnerability (CVE-2023-2868), the FBI asserts that these patches have proven ineffective against suspected Chinese hackers. Organizations are strongly advised to remove all Barracuda Email Security Gateway (ESG) appliances promptly. This warning underscores the importance of vigilance and the evolving nature of cyber threats. To protect your organization from these attacks and stay informed of these new vulnerabilities as they are discovered, nGuard offers Vulnerability Scanning and Penetration Testing, along with Security Device Configuration Audit services that can help identify vulnerabilities, assess risks, and fortify your infrastructure against potential attacks.

Growing Concerns of Destructive Cyberattacks by China

Top U.S. cyber official, Jen Easterly, director of the U.S. Cybersecurity and Infrastructure Agency, has sounded an alarm about the potential for China to launch destructive cyberattacks on critical U.S. infrastructure in the event of escalated tensions. China’s hackers are reportedly positioning themselves for such actions, which represent a significant departure from their historical cyber espionage activities. nGuard has a wide range of experience helping organizations secure their critical infrastructure from Energy and Utilities, to Manufacturing, to Healthcare, to Government.

Cyber Insurance and the Nexus of Coverage and Protection

As cybersecurity evolves, the relationship between cybersecurity and insurance industries becomes increasingly intricate. Experts in the field gathered at the Def Con hacker conference to discuss the need for cyber insurance, its assessment, and its alignment with cybersecurity measures. Back in February, nGuard wrote about 5 new requirements that insurance companies need to issue policies. Security Awareness Training and Testing, Vulnerability Management, and 24/7/365 Monitoring were among the requirements listed. While cyber insurance offers financial protection, factors like calculating premiums and assessing risks are challenges that require attention. The role of cyber insurance as a motivator to enhance cybersecurity programs is emphasized, with a call to move quickly in preparing for potential cyberattacks.

Lazarus Hackers Exploit ManageEngine Vulnerability: New Threats Emerge

The North Korean state-backed Lazarus hacker group has capitalized on a critical ManageEngine ServiceDesk vulnerability (CVE-2022-47966) to compromise an internet backbone infrastructure provider and healthcare organizations. In early 2023, Lazarus exploited the flaw in multiple Zoho ManageEngine products to infiltrate a U.K. internet backbone provider, deploying the “QuiteRAT” malware and unveiling the newly discovered “CollectionRAT” remote access trojan (RAT). QuiteRAT, a potent malware discovered in February 2023, showcases enhanced capabilities compared to its predecessor, MagicRAT. CollectionRAT, linked to the “EarlyRAT” family and the Andariel subgroup, boasts sophisticated features, including on-the-fly code decryption using the Microsoft Foundation Class framework. Lazarus’ evolving tactics, employing open-source tools and frameworks, pose challenges for attribution and defense strategies. To safeguard against emerging threats, nGuard offers comprehensive Penetration Testing and Vulnerability Management services to assess vulnerabilities, enhance security, and mitigate risks.

The evolving nature of cyber threats demands taking proactive measures and forming strategic partnerships. As highlighted in the topics covered, cybersecurity is ever-changing where staying informed, prepared, and collaborating with experts is critical. At nGuard, we offer a suite of solutions designed to assist organizations in navigating this complex landscape. From incident response and vulnerability management to proactive security assessments, we are ready to enhance your security posture. The key to cybersecurity success lies in constant adaptation and continuous improvement.

TWIC: Barracuda Alert, Fortinet Patch, and VMware ESXi Exploit

In this week’s edition of TWIC (This Week in Cybersecurity), we delve into the most significant stories and developments in the cybersecurity landscape. This week, we’re focusing on three major incidents involving Barracuda, Fortinet, and VMware ESXi.

Barracuda Urges Immediate Replacement of Vulnerable Appliances
Barracuda Networks, a leading provider of cloud-enabled security solutions, has issued an urgent call to its customers to replace vulnerable email security gateway (ESG) appliances immediately. This follows the disclosure of a critical security flaw, which has been exploited since October 2022. The vulnerability existed in a module which initially screens the attachments of incoming emails. Despite a patch being issued last month, Barracuda recommends replacing the compromised appliances as the safest course of action. Three different malware strains have been discovered to date on a subset of appliances allowing for persistent backdoor access, and evidence of data exfiltration was identified on a subset of impacted appliances.

Fortinet’s Patched Critical Flaw May Have Been Exploited
Fortinet recently patched a critical flaw in its FortiOS SSL VPN. However, there are indications that this vulnerability may have already been exploited in attacks impacting various sectors, including government and manufacturing. The heap-based buffer overflow, pre-authentication vulnerability affects FortiOS and FortiProxy SSL-VPN and can allow unauthenticated attackers to gain remote code execution (RCE) via maliciously crafted requests. Fortinet found the flaw in an audit of its SSL-VPN platform after the rampant exploitation of another vulnerability, CVE-2022-42475 — which upon discovery was a zero-day bug — in January.

Chinese Cyberspies Caught Exploiting VMware ESXi Zero-Day
A Chinese cyberespionage group, known as UNC3886, has been observed exploiting a zero-day vulnerability in VMware ESXi to escalate privileges on guest virtual machines. The group has been using malicious vSphere Installation Bundles (VIBs) to install backdoors on ESXi hypervisors and gain command execution, file manipulation, and reverse shell capabilities since September 2022. The group’s malicious actions would impact VMware ESXi hosts, vCenter servers, and Windows virtual machines (VM). The cyberspies also used installation scripts to deploy malicious VIBs to hosts, and exploited CVE-2023-20867 to execute commands and transfer files from the compromised ESXi host to and from guest VMs, without authentication and without a trace.

Conclusion
The cybersecurity landscape is constantly evolving, with new threats and vulnerabilities emerging on a regular basis. These incidents involving Barracuda, Fortinet, and VMware ESXi underscore the importance of maintaining robust security measures and staying abreast of the latest developments.

At nGuard, we offer a range of services designed to help businesses navigate these challenges. Our Cyber Security Incident Response service is equipped to provide immediate assistance in the face of potential security incidents, helping to manage and mitigate risks effectively. Our Vulnerability Management service is designed to identify and manage vulnerabilities in your systems, ensuring that your network remains secure against a variety of threats. Furthermore, our Managed Event Collection service provides continuous monitoring and detection capabilities, enabling swift identification and response to malicious activities in your network.

Remember, in the realm of cybersecurity, staying informed and taking proactive measures is key. At nGuard, we’re committed to helping you navigate the ever-evolving cybersecurity landscape. Contact us today to learn more about how we can assist you in securing your organization.