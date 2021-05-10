
News

UK/US: Patch These 11 Bugs Now to Thwart Russian Spies

The US and UK governments have released new information on the current tactics of Russian cyber-spies, including 11 vulnerabilities dating back to 2018 that are being used for initial access.

The new report, Further TTPs associated with SVR cyber actors, was released by the UK’s National Cyber Security Agency (NCSC) and the US Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency and FBI.

It updates readers on the activities of the Russian Foreign Intelligence Service (SVR) — also known as APT29, Cozy Bear, and The Dukes — blamed for the recent SolarWinds attacks and many other espionage campaigns.

In a classic cat-and-mouse game, the SVR appears to have recently changed its tactics in response to a previous report issued by the US and UK, in an attempt to stay hidden.

These changes include exploitation of the widely reported Microsoft Exchange Server bugs, the agencies claimed.

The report also listed 11 flaws in products from Fortinet, Cisco, Oracle, Zimbra, Pulse Secure, Citrix, Elasticsearch, VMware and F5 that are being exploited by the SVR to gain access to victim networks.

“This list should not be treated as exhaustive,” the report warned.

“The group will look to rapidly exploit recently released public vulnerabilities which are likely to enable initial access to their targets.”

The government report also flagged the SVR’s use of the legitimate tool Cobalt Strike, as well as a custom backdoor (GoldMax), a downloader (Sibot), an HTTP tracer tool (GoldFinder) and the open source red team command and control framework Sliver, in post-compromise activity.

Organizations should be particularly careful to protect their administrator mailboxes as these are a common target for SVR attackers, who use access to better understand the victim’s network and to obtain further privileges and credentials for persistence and lateral movement.
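The advice above is to watch administrator mailboxes closely. The script below is an added example (it is not code from the article, the NCSC/CISA report, or any vendor) of one way a defender can act on it: it reads mailbox audit records and flags any access to a privileged mailbox by an account other than the mailbox owner or an approved delegate, treating delegate or forwarding changes as the more serious persistence signal. The record format, the mailbox addresses, the operation names and the sample log lines are all constructed for this example and do not reproduce any real product's audit schema.

```python
"""Flag non-owner access to administrator mailboxes in mailbox audit records.

Added example; the JSON-lines record layout, field names and operation
names are constructed for illustration, not a real product's audit format.
"""
import json
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Constructed: mailboxes treated as privileged. In practice this list would
# come from the directory (admin and shared helpdesk accounts).
ADMIN_MAILBOXES = {"admin@example.test", "helpdesk@example.test"}

# Constructed: non-owner accounts with a documented reason to touch those
# mailboxes, e.g. a backup service. Anything else is worth a look.
ALLOWED_DELEGATES = {"backup-svc@example.test"}

# Constructed operation names. The first group reads or exports mail; the
# second changes who can reach the mailbox and is a persistence indicator.
READ_OPS = {"read", "search", "export"}
PERSISTENCE_OPS = {"delegate_add", "forwarding_set", "rule_create"}

# Constructed sample audit log: one JSON object per line.
SAMPLE_LOG = """
{"ts":"2021-05-10T08:01:12Z","actor":"admin@example.test","mailbox":"admin@example.test","op":"read","client_ip":"10.0.0.5"}
{"ts":"2021-05-10T08:03:40Z","actor":"backup-svc@example.test","mailbox":"admin@example.test","op":"export","client_ip":"10.0.0.9"}
{"ts":"2021-05-10T08:07:02Z","actor":"j.doe@example.test","mailbox":"admin@example.test","op":"read","client_ip":"203.0.113.44"}
{"ts":"2021-05-10T08:09:15Z","actor":"j.doe@example.test","mailbox":"j.doe@example.test","op":"read","client_ip":"203.0.113.44"}
{"ts":"2021-05-10T08:11:58Z","actor":"j.doe@example.test","mailbox":"helpdesk@example.test","op":"delegate_add","client_ip":"203.0.113.44"}
"""


@dataclass(frozen=True)
class Finding:
    ts: str
    actor: str
    mailbox: str
    op: str
    client_ip: str
    reason: str


def parse_records(text: str) -> Iterable[dict]:
    """Yield one dict per non-empty JSON line; malformed lines are skipped
    rather than aborting the whole run, so one bad record cannot hide the rest."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue


def flag_admin_mailbox_access(text: str,
                              admin_mailboxes=ADMIN_MAILBOXES,
                              allowed=ALLOWED_DELEGATES) -> List[Finding]:
    """Return findings for every record where someone other than the owner
    or an approved delegate touched a privileged mailbox."""
    findings: List[Finding] = []
    for rec in parse_records(text):
        mailbox = rec.get("mailbox", "").lower()
        actor = rec.get("actor", "").lower()
        if mailbox not in admin_mailboxes:
            continue            # only privileged mailboxes are in scope
        if actor == mailbox:
            continue            # the owner reading their own mailbox
        if actor in allowed:
            continue            # documented service account
        op = rec.get("op", "")
        if op in PERSISTENCE_OPS:
            reason = "non-owner changed access to admin mailbox (possible persistence)"
        elif op in READ_OPS:
            reason = "non-owner read or exported admin mailbox contents"
        else:
            reason = "non-owner performed unrecognised operation on admin mailbox"
        findings.append(Finding(rec.get("ts", ""), actor, mailbox, op,
                                rec.get("client_ip", ""), reason))
    return findings


def mailboxes_touched_by_actor(findings: List[Finding]) -> Dict[str, int]:
    """Count distinct privileged mailboxes each flagged actor reached; one
    account spanning several admin mailboxes is the pattern to triage first."""
    seen: Dict[str, set] = {}
    for f in findings:
        seen.setdefault(f.actor, set()).add(f.mailbox)
    return {actor: len(boxes) for actor, boxes in seen.items()}


if __name__ == "__main__":
    for f in flag_admin_mailbox_access(SAMPLE_LOG):
        print(f"{f.ts} {f.actor} -> {f.mailbox} [{f.op}] from {f.client_ip}: {f.reason}")
    print(mailboxes_touched_by_actor(flag_admin_mailbox_access(SAMPLE_LOG)))
```

Run against the constructed sample, the owner's own read and the backup service's export pass silently, while the two records from `j.doe@example.test` are reported, with the `delegate_add` on the helpdesk mailbox marked as the persistence signal. Swapping `SAMPLE_LOG` for a file read and the constants for directory lookups is the only change needed to point it at real records, once the field names are mapped to the product's own schema.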

Gurucul CEO, Saryu Nayyar, argued that as long as unpatched systems remain openly accessible, attacks will continue.

“The payloads may change depending on what the threat actor is after, but attackers will continue to leverage vulnerabilities in web servers, routers and virtualization software until there aren't any vulnerable hosts to exploit,” she added.

“This series of attacks is a reminder of how important it is to patch security vulnerabilities, and to make sure the network is protected with an up-to-date security stack.”
