Online Security Threat Alerts: Common Attacks & Incidents

If you are running insurance IT systems then it’s good to know about the online threats out there;

SecurityHQ has put together a Monthly Threat Report, drawn from their recent advisories from March 2022, with recommendations to mitigate against these 5 key threats. 

Privileges Escalation Bug Known as Dirty Pipe, Targeting Linux Systems

Threat Reference: Global

Risks: Privilege Escalation

Advisory Type: Threats

Priority: Elevated

New Linux Privileges escalation bug known as Dirty Pipe (CVE-2022-0847) can allow a local user to access root privileges. Successful exploitation of this vulnerability permits a non-privileged user to inject their own data into sensitive read-only files, which will allow an attacker to remove restrictions or modify configurations to provide greater access. For example, the attacker can overwrite the /etc/password file and easily modify or erase root user password, which in turn will allow an attacker to gain root privileged account by simply executing the ‘sub root’ command.

Recommendation

It is recommended to update Linux kernels to the latest available versions.

Cyberattack on Ukraine Authorities Utilizing Bitdefender Update Package as Lure

Threat Reference: Global

Risks: Malware, Phishing

Advisory Type: Threats

Priority: Standard

Ukraine government authorities are receiving an email disguised as state bodies of the Ukraine with instructions on improving the level of information security. Later this file downloads multiple other files, one of them being Cobalt Strike Beacon, which compromises the victim.

Recommendations

• Avoid handling files or URL links in emails, chats, or shared folders from untrusted sources.

• Provide phishing awareness training to your employees/contractors.

• Keep Anti-malware solutions at the endpoint and network-level always updated.

• Deploy Endpoint Detection & Response (EDR) tools to detect the latest malware and suspicious activities on endpoints.

Gh0stCringe RAT Targeting SQL and MySQL Servers

Threat Reference: Global

Risks: Remote Access Trojan (RAT)

Advisory Type: Threats

Priority: Standard

Gh0stCringe also known as CirenegRAT is a remote access trojan continuously exploiting misconfigured vulnerable MSSQL and MYQL servers with weak account credentials.

Once compromised RAT deploys an executable file and after successful exploitation it establishes a connection with the C2 (command and control) server to receive commands from the attacker.

Recommendations

  • Deploy Endpoint Detection & Response (EDR) tools to detect latest malwares and suspicious activities on endpoints.
  • Update the Anti-malware solutions at endpoint and perimeter level solutions to include the given IOCs.
  • Analyze Endpoint solutions – EDR, AV, Email Anti-malware solution logs for the presence of mentioned IOCs.

LAPSUS$ Extorsion Group Claimed to Have Breached Authentication Services Company

Threat Reference: Global

Risks: Credential Compromise, Account Takeover

Advisory Type: Threats

Priority: Elevated

Extorsion group LAPSUS$ have posted the evidence of having ‘super user’ access to a company’s internal IT services. The attacker group claims to have access to multiple services as per the screen shots shared on telegram. LAPSUS$ claims that they did not breach the targets databases but targeted the customers.

Recommendations

Ragner Locker Ransomware APT Group Targeting Critical Sectors

Threat Reference: Global

Risks: Ransomware

Advisory Type: Threats

Priority: Elevated

Security researchers identified that Ragnar Locker Ransomware APT group infected critical sectors including manufacturing, energy, financial services, government, and information technology by RagnarLocker ransomware.

Recommendations

  • Deploy Endpoint Detection & Response (EDR) tools to detect latest malware and suspicious activities on endpoints.
  • Update the Anti-malware solutions at endpoint and perimeter level solutions to include the mentioned IOCs.
  • Analyse Endpoint solutions – EDR, AV, Email Anti-malware solution logs for the presence of mentioned IOCs.

Having conducted incident response investigations across a wide range of industries, SecurityHQ are best placed to work with businesses large and small, and across numerous technical environments to reduce the impact of a cyber security incident.

If you suspect a security incident, you can report an incident here.

About alastair walker 8741 Articles
20 years experience as a journalist and magazine editor. I'm your contact for press releases, events, news and commercial opportunities at Insurance-Edge.Net

Be the first to comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.