The US Suffers Multiple Attacks By Russian Hackers

The National Security Agency, the Department of Homeland Security Cybersecurity and Infrastructure Security Agency, and the FBI has released a joint alert statement, warning that nation-state threat actors from Russia are actively targeting and exploiting five publicly known vulnerabilities to compromise US networks.
 
According to the US government nation-state threat actors with ties to Russia are actively exploiting five publicly known vulnerabilities to compromise a range of entities within the US and its allies. The Biden administration says it has been clear that the US wants a stable relationship with Russia. But now the Biden administration is taking actions to impose costs on Russia for actions by its government and intelligence services against the US.
 
The news followed the Biden Administration’s sanctions against the Russian government, which formerly attributed SolarWinds supply-chain attack to the country’s foreign service: the Russian Foreign Intelligence Service (SVR) actors, also known as APT29, Cozy Bear, and The Dukes. “The US Intelligence Community has high confidence in its assessment of attribution to the SVR,” according to the White House statement. “The SVR’s compromise of the SolarWinds software supply chain gave it the ability to spy on or potentially disrupt more than 16,000 computer systems worldwide.”
 
The US National Security Agency (NSA) the Cybersecurity, the Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI), has recently said that nation-state actors are using five vulnerabilities that affect VPN solutions, collaboration-suite software and virtualisation technologies to attack US and allied national-security and government networks. 
 
The NSA say that the attack, which is ongoing is directed by by the Russian Foreign Intelligence Service (SVR) who are exploiting five publicly known vulnerabilities. 
 
“NSA, CISA, and FBI strongly encourage all cybersecurity stakeholders to check their networks for indicators of compromise related to all five vulnerabilities and the techniques detailed in the advisory and to urgently implement associated mitigations. 
“NSA, CISA, and FBI also recognise all partners in the private and public sectors for comprehensive and collaborative efforts to respond to recent Russian activity in cyberspace”, says the NSA.
 
According to the NSA,the hackers are conducting “widespread scanning and exploitation against vulnerable systems in an effort to obtain authentication credentials to allow further access.” According to the NSA, the following are under widespread attack in cyber-espionage efforts:

The 5 Vulnerabilities Being Actively Exploited

CVE-2018-13379:   A directory traversal vulnerability in Fortinet FortOS allows unauthenticated attackers to access and download system files, by sending specially crafted HTTP resource requests. 
 
CVE-2019-9670:  This bug is an XML External Entity Injection (XXE) vulnerability in the mailbox component of the Synacore Zimbra Collaboration Suite.  Attackers can exploit it to gain access to credentials to further their access or as an initial foothold into a target network. 
 
CVE-2019-11510:   In Pulse Secure VPNs, a critical arbitrary file-reading flaw opens systems to exploitation from remote, unauthenticated attackers looking to gain access to a victim’s networks. 
 
CVE-2019-19781:  This critical directory-traversal vulnerability in the Citrix Application Delivery Controller (ADC) and Gateway that can allow remote code-execution. 
 
CVE-2020-4006:   And finally, a command-injection vulnerability in VMWare Workspace One Access, Access Connector, Identity Manager and Identity Manager Connector allows arbitrary command execution on underlying operating systems. 

The NSA recommended several best practices to protect organisations from attack:

• Update systems and products as soon as possible after patches are released.
• Assume a breach will happen; review accounts and leverage the latest eviction guidance available.
• Disable external management capabilities and set up an out-of-band management network.
• Block obsolete or unused protocols at the network edge and disable them in client device configurations.
• Adopt a mindset that compromise happens: Prepare for incident response activities.
 
NSA:       The White House:     Threatpost:      Health IT Security:      Cyber News Group:      Image: Unsplash
 
You Might Also Read:
 
Western Nations Face A ‘moment of reckoning’ Over Cyber Security:
 
« MI5 Joins Instagram
Two-Factor Authentication Matters More Than Ever »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

GFI Software

GFI Software

GFI Software works with System Administrators, IT Professionals and IT Executives to ensure that their IT infrastructures are monitored, managed, secured and compliant.

European Organisation for Security (EOS)

European Organisation for Security (EOS)

EOS represents all domains of security solutions and services.providers including ICT information and communications technologies.

Aviva

Aviva

Aviva provides Cyber Liability cover for small to mid-market customers to help combat the threat of data and privacy breach.

Wireless Logic

Wireless Logic

Wireless Logic delivers a range of secure and resilient value-added M2M/IoT managed services that empower remote devices to communicate cost-effectively, two ways.

Saviynt

Saviynt

Saviynt is a leading provider of Cloud Security and Identity Governance solutions.

Delta Risk

Delta Risk

Delta Risk is a global provider of managed security services and cyber security risk management solutions to government and private sector clients.

BehavioSec

BehavioSec

BehavioSec uses the way your customers type, swipe, and hold their devices, and enables them to authenticate themselves through their own behavior patterns.

California Cybersecurity Institute (CCI) - Cal poly

California Cybersecurity Institute (CCI) - Cal poly

The CCI provides a hands-on research and learning environment to explore new cyber technologies and train and test tactics alongside law enforcement and cyberforensics experts.

Ekran System

Ekran System

Ekran System is an advanced insider threat detection solution for companies of any size.

RCDevs

RCDevs

RCDevs is an award-winning Software company providing security solutions designed for modern enterprise technologies and suited for SMEs to large corporations.

Polyrize

Polyrize

The Polyrize continuous authorization platform for SaaS and IaaS stops tomorrow's public cloud cyber threats, today.

CryptoCurrency Certification Consortium (C4)

CryptoCurrency Certification Consortium (C4)

The CryptoCurrency Certification Consortium is a non-profit organization that provides certifications to professionals who perform cryptocurrency-related services.

NINJIO

NINJIO

NINJIO is a leader in cybersecurity awareness training. View IT Security Awareness through a different lens - entertain and educate your users through storytelling.

Swissbit

Swissbit

Swissbit AG is the leading European manufacturer of storage, security and embedded IoT solutions for demanding applications.

inWebo

inWebo

inWebo is the specialist in multi-factor strong authentication (MFA). We guarantee the security of data and identities in a digital world with increasingly important economic and political stakes.

Centum Digital

Centum Digital

Centum Digital provide services, products and solutions specialized in communications engineering, control and signal intelligence.