Page 94 - Cyber Defense eMagazine July 2024
Industrial attack inundation
Industrialized attacks are operated by humans and require some level of technical skill, but either the initial exploit or the lasting impact is exacerbated by poor cyber hygiene. There are multiple examples of such attacks from the last few months, but the biggest was the MOVEit attack in June 2023. At the latest count, the attack has impacted close to 2,800 organizations and almost 95 million individuals. Sadly, education and healthcare institutions were most affected.
The main perpetrator was the infamous Cl0p cybercrime gang, which industrialized an SQL injection vulnerability within MOVEit to distribute ransomware widely. The attack was so damaging that the SEC is currently investigating Progress Software – the maker of MOVEit. But whilst the initial breach of MOVEit was down to a tenacious human effort from the attackers, organizations are still falling victim to it almost a year later. This could have been avoided by patching MOVEit.
Another recent industrialized attack is the Okta support system breach in October 2023. This was caused by stolen credentials rather than a highly skilled exploit. While the initial attack on a support system may seem innocuous, it prevented Okta from releasing updates to customers for 90 days. The lesson here is that every system – no matter how insignificant – must be considered as an entry point, and that the right controls have to be in place to prevent infiltration.
Opportunistic overflow
The last attack type is opportunistic. These attacks target low-hanging fruit and are the easiest to execute, often relying on vulnerabilities that have existed for years being exploited by automated adversaries.
The Log4J vulnerability is a prime example of an opportunistic attack vector. Disclosed in late 2021, the vulnerability was so damaging because Log4J – an open-source logging library – was widely used in organizations of all kinds. It’s estimated that 93% of enterprise cloud environments were impacted.
Checking for known vulnerabilities, knowing where they are in your code base, and addressing them would confine the Log4J vulnerability to the annals of history. However, as recently as December 2023, two years after the exploit was discovered, a third of applications were still using an unpatched and thus vulnerable version of Log4J.
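The "knowing where they are in your code base" step, as an added example that is not code from the article: a Python scanner that locates every copy of log4j-core under a directory by reading the Maven pom.properties each jar carries, recurses into archives bundled inside wars and fat jars (where unpatched copies usually hide), and flags versions below a minimum that is a placeholder here and would be taken from the advisory you are remediating against. The sample archives built by demo() are constructed in a temporary directory.

```python
"""Find log4j-core copies under a directory, nested jars included (added example; MIN_SAFE is a placeholder)."""
import io, os, re, tempfile, zipfile

POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
MIN_SAFE = (2, 17, 1)  # PLACEHOLDER: take the fixed version from the advisory you track
ARCHIVES = (".jar", ".war", ".ear")

def parse_version(text):
    """Return the version= value of a pom.properties file as an int tuple, or None."""
    m = re.search(r"^version=(\d+(?:\.\d+)*)", text, re.MULTILINE)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def inspect_archive(data, label, findings):
    """Record log4j-core in these archive bytes, then recurse into nested archives."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        if POM in zf.namelist():
            ver = parse_version(zf.read(POM).decode())
            findings.append((label, ver, ver is None or ver < MIN_SAFE))
        for name in zf.namelist():  # wars and fat jars bundle their dependencies
            if name.endswith(ARCHIVES):
                inspect_archive(zf.read(name), f"{label}!{name}", findings)

def scan_tree(root):
    """Walk root; return sorted [(label relative to root, version, needs_patch)]."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for f in [f for f in files if f.endswith(ARCHIVES)]:
            path = os.path.join(dirpath, f)
            with open(path, "rb") as fh:
                inspect_archive(fh.read(), os.path.relpath(path, root), findings)
    return sorted(findings)

def make_jar(version=None, nested=None):
    """Constructed sample archive (not a real artifact) used by demo()."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        if version:
            zf.writestr(POM, f"version={version}\n")
        if nested:
            zf.writestr("WEB-INF/lib/log4j-core.jar", nested)
    return buf.getvalue()

def demo():
    """Scan a constructed tree: one patched jar plus an old one hidden inside a war."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "lib"))
        for name, blob in [("lib/log4j-core.jar", make_jar("2.17.1")),
                           ("app.war", make_jar(nested=make_jar("2.14.1")))]:
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(blob)
        return scan_tree(root)
```

Point scan_tree() at a deployment directory to get one line per log4j-core copy; the nested label (archive!entry) tells you which war or fat jar has to be rebuilt rather than merely re-downloaded.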
Similarly, Microsoft Exchange continues to be a rich source for automated attacks, as the UK’s Electoral Commission found to its cost in August 2023. Data from the ShadowServer dashboard shows there are more than 88,000 publicly accessible Exchange servers that possibly have critical vulnerabilities. Some may have been mitigated, but when you consider that keeping up to date with patches could remediate these vulnerabilities, it’s a frightening figure.
Turning a downpour into a drop
With attackers tending to pick off the easiest targets, focusing on security fundamentals, better cyber hygiene, and ensuring the right controls and policies are in place will help head off almost all industrialized and opportunistic attacks.
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.