Last week was a doozy with tons of ransomware attacks coming to light, the MITRE group dealing with a security incident, Palo Alto dealing with fallout from CVE-2024-3400, and LastPass staff being targeted in nuanced attacks.
Ransomware hitting its stride in 2024
Link: BleepingComputer
Bleeping Computer has pulled together a list of ransomware attacks in the last week and, well, let’s just say it’s not pretty. Some of the most notable are:
- The ransomware attack on ChangeHealth is estimated to have cost nearly one billion dollars (yes, with a B).
- Akira ransomware groups have raked in close to $42 million for their latest attacks this year.
- The United Nations is currently investigating a ransomware attack it identified in late March.
While these attacks are newsworthy and obviously target large organizations, it’s important to remember that most ransomware groups aren’t focusing on specific entities. They would rather cast a wide net with specific attack vectors or methods of entry and, if successful, continue with their attacks.
It’s worth its weight in gold for every organization to revisit its security posture and defense in depth, perform tabletop exercises, and take a look at its cybersecurity insurance policy.
Palo Alto gives more details on CVE-2024-3400
Link: BleepingComputer, Palo Alto
Palo Alto has given more information on the latest CVE to target PAN-OS. In a recent blog post, they identify that the attack daisy-chains two somewhat innocuous flaws into one that grants RCE. The first flaw allows attackers to send a special command in place of a session ID, causing the system to write that command to a file. That file can then be referenced in a subsequent request, allowing remote code execution.
According to the Shadowserver Foundation, roughly 22,000 firewalls are susceptible to this exploit. With publicly available proof-of-concept code in the wild, it’s critical to patch any vulnerable systems in your organization.
MITRE investigating cyber incident
Link: MITRE
MITRE has announced that a state-sponsored attacker was able to gain access to a “prototyping and research network” earlier this month. While the investigation is ongoing, Principal Cybersecurity Engineer Lex Crumpton has provided some information about the attack, attributed to Ivanti zero-days, in an effort to share experiences with organizations that may be facing similar incidents.
It’s a breath of fresh air to see an organization clearly detail the steps they took, along with identifying areas of improvement, when it comes to an incident like this. We highly recommend reading the post to learn more about their response and what they’ve identified as next steps.
LastPass phishing pages added to hacking kit
Link: BleepingComputer
Last week, LastPass warned of phishing campaigns targeting its users with CryptoChameleon, an advanced phishing kit that was spotted earlier this year. LastPass discovered that its service was recently added to the kit, and a phishing site was hosted at a unique domain crafted for the attack.
While this isn't a call to action to migrate from LastPass (honestly, all password managers are going to be targeted because where there are keys, there's treasure!), it is a call to action to review your end user awareness training on a business and personal level.