As we move into a shiny, new, and exciting 2024, we think it's important to reflect on everything we saw along the way this past year: namely, a continued surge in cybersecurity incidents that regularly demonstrated the challenges we all face and the importance of persistence in combating evolving risks.
This one is chock full of links and info, so we hope you're ready to geek out!
Cybersecurity researchers at Forescout disclosed a series of vulnerabilities within industrial control systems (ICS), particularly focusing on two flaws in Schneider Electric's Modicon PLCs. These vulnerabilities, CVE-2022-45788 and CVE-2022-45789, allowed remote code execution and authentication bypass.
The chain, when combined with other known vulnerabilities, facilitated extensive lateral movement within OT networks, offering attackers access to typically secure ICS. Forescout demonstrated the potential impact, using a movable bridge scenario, showcasing the attacker's ability to cause significant physical damage without immediate detection.
A new report by Vodafone Business, 'The Business of Cybersecurity', unveils alarming statistics indicating that more than 54% of surveyed small and medium-sized enterprises (SMEs) in the UK encountered cyber-attacks in the past year.
This figure marks a significant increase of 15% from Vodafone's research two years earlier, highlighting a worrisome trend in escalating cyber threats faced by SMEs. The study emphasizes the heightened vulnerability of businesses, especially in the wake of increased remote work and reliance on digital technology.
The Microsoft Threat Intelligence team identifies DEV-1101 as the creator behind an open-source AiTM phishing kit gaining traction in the cybercrime realm for orchestrating large-scale attacks. This kit enables threat actors to execute phishing assaults that intercept passwords and session cookies through a proxy server, evading multi-factor authentication safeguards like time-based one-time passwords (TOTPs).
According to Microsoft's findings, DEV-1101 provides purchasable or rentable phishing kits, streamlining cybercrime efforts and lowering entry barriers into this criminal economy. The kit includes features facilitating the replication of Microsoft Office and Outlook pages for phishing and offers mobile campaign management and CAPTCHA checks to evade detection, exemplifying the industrialization of cybercriminal activities.
Uber Technologies disclosed a breach impacting 131 Massachusetts residents, compromising their Social Security Numbers (SSNs). The breach, revealed on March 31 and traced back to law firm Genova Burns, involved unauthorized access to their systems, exposing drivers' names, SSNs, and/or tax identification numbers between January 23, 2023, and January 31, 2023.
Though the detailed breach report is not officially available, circulating notification letters suggest data was stolen from the law firm's files. This incident is the latest in Uber's history of breaches, following previous incidents in 2016 and 2022, and raises concerns about ongoing cybersecurity weaknesses in its third-party ecosystem.
In the year's first Binding Operational Directive, BOD 23-02, CISA mandates that federal civilian agencies secure misconfigured or Internet-exposed networking equipment within 14 days of detection. The directive specifically applies to devices like routers, firewalls, and proxies whose management interfaces are exposed and allow administrative access to the network.
GitHub's latest announcement unveils the public beta rollout of passwordless authentication, offering users the option to transition from security keys to passkeys. Passkeys, tied to individual devices, aim to heighten security by reducing phishing risks, preventing credential theft, and thwarting unauthorized access attempts.
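The AiTM kit story above and this passkey announcement are two sides of the same point: a TOTP code is just a six-digit string, so a reverse proxy that forwards what the victim typed gets the real service to accept it, whereas a passkey signs the origin the browser is actually on, so the relying party can reject a login that was relayed through a look-alike site. The example below is ours, not code from Microsoft, GitHub, or the kit's author. It implements RFC 6238 TOTP with the standard library, then models the origin check in the style of WebAuthn's clientDataJSON; the HMAC "signature", the `LEGIT_ORIGIN` value, and every secret are constructed stand-ins (real passkeys use a per-credential public-key signature).

```python
import hashlib
import hmac
import json
import struct

# --- TOTP (RFC 6238): the factor the AiTM kit relays -------------------------
TOTP_STEP = 30    # seconds per time step
TOTP_DIGITS = 6   # digits shown to the user


def totp(secret: bytes, now: int, step: int = TOTP_STEP, digits: int = TOTP_DIGITS) -> str:
    """Standard HOTP/TOTP: HMAC-SHA1 over the big-endian time counter, then
    dynamic truncation to `digits` decimal digits."""
    counter = struct.pack(">Q", now // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def verify_totp(secret: bytes, code: str, now: int, window: int = 1) -> bool:
    """Accept the code for the current step and `window` steps either side.
    Note what is NOT an input here: where the code was typed. Any party that
    holds a fresh code, including a proxy that forwarded it, passes this check."""
    for k in range(-window, window + 1):
        if hmac.compare_digest(totp(secret, now + k * TOTP_STEP), code):
            return True
    return False


# --- Origin-bound credential, modelled on WebAuthn ---------------------------
LEGIT_ORIGIN = "https://accounts.example.test"   # constructed relying-party origin


def client_sign(device_key: bytes, challenge: str, origin_in_browser: str):
    """The browser builds client data containing the server's challenge AND the
    origin it is really on; the authenticator signs that blob. HMAC stands in
    for the asymmetric signature a real authenticator would produce."""
    client_data = json.dumps(
        {"challenge": challenge, "origin": origin_in_browser}, sort_keys=True
    ).encode()
    sig = hmac.new(device_key, client_data, hashlib.sha256).hexdigest()
    return client_data, sig


def server_verify(device_key: bytes, challenge: str, client_data: bytes, sig: str,
                  expected_origin: str = LEGIT_ORIGIN) -> bool:
    """Relying-party side: the challenge must be the one we issued, the origin
    must be ours, and the signature must cover exactly that client data."""
    try:
        data = json.loads(client_data)
    except ValueError:
        return False
    if data.get("challenge") != challenge:
        return False
    if data.get("origin") != expected_origin:
        return False   # signed while the browser was on some other site
    expected_sig = hmac.new(device_key, client_data, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected_sig, sig)


def run_scenarios(now: int = 1_700_000_000) -> dict:
    """Same user, same legitimate service, two kinds of second factor.
    All secrets and the look-alike origin are constructed for this demo."""
    totp_secret = b"constructed-shared-secret"
    device_key = b"constructed-device-key"
    challenge = "c0ffee-constructed-nonce"

    # TOTP: the code the victim types is accepted whether it arrives directly
    # or is forwarded by a proxy a few seconds later.
    code = totp(totp_secret, now)
    totp_direct = verify_totp(totp_secret, code, now)
    totp_relayed = verify_totp(totp_secret, code, now + 5)

    # Passkey: signed on the real origin it verifies; signed while the browser
    # sat on a look-alike origin (the proxy relays the same challenge) it fails.
    cd, sig = client_sign(device_key, challenge, LEGIT_ORIGIN)
    passkey_direct = server_verify(device_key, challenge, cd, sig)
    cd2, sig2 = client_sign(device_key, challenge, "https://accounts-example.test")
    passkey_relayed = server_verify(device_key, challenge, cd2, sig2)

    return {
        "totp_direct": totp_direct,
        "totp_relayed": totp_relayed,
        "passkey_direct": passkey_direct,
        "passkey_relayed": passkey_relayed,
    }


if __name__ == "__main__":
    print(run_scenarios())
```

The `totp()` routine can be checked against the RFC 6238 test vector (secret `12345678901234567890`, time 59 gives `94287082`, whose last six digits are `287082`). The design lesson is in the two `verify` functions' signatures: `verify_totp` has no way to learn the origin, so it cannot refuse a relayed code, while `server_verify` rejects as soon as the signed origin is not its own, which is why passkeys blunt this class of kit even when the attacker proxies every byte of the exchange.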
OpenAI faced "periodic outages" in its API and ChatGPT services due to distributed denial-of-service (DDoS) attacks.
Although OpenAI hasn't officially attributed the attacks, a group named Anonymous Sudan claimed responsibility, citing dissatisfaction with the company's stance on Israel and Palestine. The attackers confirmed the use of the SkyNet botnet, specializing in Layer 7 (L7) DDoS attacks, aiming to overload services at the application level, significantly straining server resources.
With 2023's cybersecurity journey complete, these incidents along with so many others underscore the persistent nature of cyber threats. Each serves as an important lesson, offering valuable insights we can use to protect ourselves against future risks.
We hope this collection of incidents guides all of us to make better, more informed decisions so we can all navigate the new year of cybersecurity challenges with confidence.
Happy New Year!