The US Suffers Multiple Attacks By Russian Hackers

The National Security Agency, the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, and the FBI have released a joint alert, warning that nation-state threat actors from Russia are actively targeting and exploiting five publicly known vulnerabilities to compromise US networks.
 
According to the US government, nation-state threat actors with ties to Russia are actively exploiting five publicly known vulnerabilities to compromise a range of entities within the US and among its allies. The Biden administration says it has been clear that the US wants a stable relationship with Russia, but it is now taking actions to impose costs on Russia for actions by its government and intelligence services against the US.
 
The news followed the Biden administration’s sanctions against the Russian government, which formally attributed the SolarWinds supply-chain attack to the country’s foreign intelligence service, the Russian Foreign Intelligence Service (SVR), whose actors are also known as APT29, Cozy Bear and The Dukes. “The US Intelligence Community has high confidence in its assessment of attribution to the SVR,” according to the White House statement. “The SVR’s compromise of the SolarWinds software supply chain gave it the ability to spy on or potentially disrupt more than 16,000 computer systems worldwide.”
 
The US National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have recently said that nation-state actors are using five vulnerabilities that affect VPN solutions, collaboration-suite software and virtualisation technologies to attack US and allied national-security and government networks.
 
The NSA says that the attack, which is ongoing, is directed by the Russian Foreign Intelligence Service (SVR), which is exploiting five publicly known vulnerabilities.
 
“NSA, CISA, and FBI strongly encourage all cybersecurity stakeholders to check their networks for indicators of compromise related to all five vulnerabilities and the techniques detailed in the advisory and to urgently implement associated mitigations. 
“NSA, CISA, and FBI also recognise all partners in the private and public sectors for comprehensive and collaborative efforts to respond to recent Russian activity in cyberspace”, says the NSA.
 
According to the NSA, the hackers are conducting “widespread scanning and exploitation against vulnerable systems in an effort to obtain authentication credentials to allow further access.” The NSA says the following vulnerabilities are under widespread attack in cyber-espionage efforts:

The 5 Vulnerabilities Being Actively Exploited

CVE-2018-13379: A directory traversal vulnerability in Fortinet FortiOS allows unauthenticated attackers to access and download system files by sending specially crafted HTTP resource requests.

CVE-2019-9670: An XML External Entity Injection (XXE) vulnerability in the mailbox component of the Synacor Zimbra Collaboration Suite. Attackers can exploit it to obtain credentials, either to extend their access or to gain an initial foothold in a target network.

CVE-2019-11510: A critical arbitrary file-reading flaw in Pulse Secure VPNs opens systems to exploitation by remote, unauthenticated attackers seeking access to a victim’s networks.

CVE-2019-19781: A critical directory-traversal vulnerability in the Citrix Application Delivery Controller (ADC) and Gateway that can allow remote code execution.

CVE-2020-4006: A command-injection vulnerability in VMware Workspace ONE Access, Access Connector, Identity Manager and Identity Manager Connector allows arbitrary command execution on the underlying operating system.

The NSA recommended several best practices to protect organisations from attack:

• Update systems and products as soon as possible after patches are released.
• Assume a breach will happen; review accounts and leverage the latest eviction guidance available.
• Disable external management capabilities and set up an out-of-band management network.
• Block obsolete or unused protocols at the network edge and disable them in client device configurations.
• Adopt a mindset that compromise happens: prepare for incident response activities.
 
Sources: NSA, The White House, Threatpost, Health IT Security, Cyber News Group. Image: Unsplash.
 
