Cyber Intelligence Weekly

Cyber Intelligence Weekly (February 4, 2024): Our Take on Three Things You Need to Know

Welcome to our weekly newsletter where we share some of the major developments on the future of cybersecurity that you need to know about. Make sure to follow my LinkedIn page as well as Echelon’s LinkedIn page to receive updates on the future of cybersecurity!

To receive these and other curated updates to your inbox on a regular basis, please sign up for our email list here: https://echeloncyber.com/ciw-subscribe

Before we get started on this week’s CIW, I’d like to highlight a solution from one of our strategic technology partners. This week, we highlight CrowdStrike Falcon Fusion.

CrowdStrike Falcon Fusion

Echelon Risk + Cyber proudly cultivates a diverse network of strategic relationships with leading vendors in the Cybersecurity Industry. These collaborations empower Echelon to deliver premium services to our clients through cutting-edge technology and valuable insights. In our ongoing effort to bring top-shelf knowledge, each week, we want to spotlight a distinguished partner solution offered at Echelon. This week’s focus is on CrowdStrike’s Falcon Fusion solution.

Falcon Fusion stands as a native feature within the Falcon platform, providing an integrated suite of Security Orchestration, Automation, and Response (SOAR) capabilities. This innovative tool streamlines analyst workflows by automating actions for specific and complex scenarios. Leveraging a user-friendly workflow builder, Falcon Fusion allows the customization of responses within the Falcon console, triggered by incidents, detections, cloud security findings, and user updates.

Falcon Fusion proves to be a highly valuable solution, effectively curbing the influx of false positives, reducing the mean-time-to-respond (MTTR), and alleviating the burden on security analysts. Its automated workflows seamlessly integrate with other platform features and select third-party security and IT tools, such as ServiceNow or Jira. This integration not only enhances efficiency but also facilitates quicker responses to emerging threats.

As we wrap up this insightful highlight of Falcon Fusion, we look ahead with anticipation. Echelon Risk + Cyber remains dedicated to pushing the boundaries of cybersecurity innovation, forging partnerships that empower us to stay at the forefront of industry trends. If your organization is grappling with specific security challenges, allow Echelon to help alleviate the burden. Reach out to discuss how we might help your organization, and stay tuned for more solution highlights in the weeks to come!

Away we go!

1. China's Cyber Threat Looms Large Over U.S. Infrastructure, the FBI Warns

This past week, Christopher Wray, the Director of the Federal Bureau of Investigation (FBI), issued a stark warning to Congress about China's increasing cyber threats against the United States, particularly targeting critical infrastructure such as the power grid, oil pipelines, and water systems. This escalation in cyber operations by China, identified as part of their preparation for potential conflicts, notably over Taiwan, aims to sow chaos, undermine American resolve, and disrupt military deployments. The FBI and Justice Department have acted against these threats, notably identifying and countering the activities of Volt Typhoon, a hacking network directed by Beijing, which infiltrated various critical infrastructure systems through small business, contractor, and local government networks.

Wray's testimony highlighted the FBI's efforts to counteract these cyber threats, including the successful court-ordered access to servers compromised by Volt Typhoon. Despite these efforts, Wray emphasized the challenges in engaging small businesses and local governments to report suspicious activities, which could help prevent wider cyberattacks. Additionally, the Justice Department has unveiled charges against four Chinese citizens accused of smuggling electronic components to Iran, showcasing the multifaceted nature of the threat posed by China to U.S. national security.

These revelations come amid broader concerns about China's cyber and espionage activities, including efforts to disrupt U.S. infrastructure and steal intellectual property. U.S. officials, including Gen. Paul M. Nakasone and Jen Easterly, underscore the severity of these threats, emphasizing the need for heightened cybersecurity measures and international cooperation to safeguard American interests. China's focus on civilian infrastructure, motivated by the potential to induce societal panic and influence geopolitical outcomes, marks a significant escalation in cyber warfare tactics, contrasting sharply with the more restrained approach historically attributed to democratic nations.

2. AnyDesk Confirms Security Breach: Source Code and Keys Stolen

AnyDesk, a widely used remote access solution, has confirmed a security breach that compromised the company's production systems. This cyberattack led to the theft of source code and private code signing keys, raising significant concerns within the cybersecurity community. AnyDesk, utilized by enterprises for remote support and accessing servers, boasts 170,000 customers, including notable organizations like 7-Eleven, Comcast, Samsung, and the United Nations. The breach was first identified upon detecting unusual activity on their production servers, prompting a thorough security audit conducted with the assistance of cybersecurity firm CrowdStrike.

The incident, which did not involve ransomware, saw the attackers gain unauthorized access to AnyDesk's servers. In response, AnyDesk has revoked compromised security certificates and taken steps to replace or remediate affected systems. To ensure the continued safety of its users, AnyDesk has assured that the software remains secure to use, provided that customers update to the latest version featuring a new code signing certificate. The company has also initiated the process of revoking all passwords to their web portal as a precautionary measure, advising users to change their passwords, especially if they are reused across different sites.
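For customers acting on the advice above, one way to confirm that an updated AnyDesk install is actually signed with the new certificate is to inspect its Authenticode signature. This is an added example, not code from the newsletter or from AnyDesk; the install path and the expected thumbprint are placeholders you replace with values taken from your own verified download.

```powershell
# Added example (not from the newsletter or AnyDesk): verify the Authenticode
# signature on the locally installed AnyDesk binary after updating, and compare
# the signer thumbprint with the one recorded from the re-signed release.
$binary   = 'C:\Program Files (x86)\AnyDesk\AnyDesk.exe'    # placeholder path
$expected = 'PLACEHOLDER-THUMBPRINT-FROM-VERIFIED-RELEASE'   # placeholder value

$sig = Get-AuthenticodeSignature -FilePath $binary

# Summary of what this host sees; Status is the chain-trust result on this machine
# (Valid, NotSigned, HashMismatch, NotTrusted, ...).
[PSCustomObject]@{
    File       = $binary
    Status     = $sig.Status
    Signer     = $sig.SignerCertificate.Subject
    Thumbprint = $sig.SignerCertificate.Thumbprint
    NotAfter   = $sig.SignerCertificate.NotAfter
} | Format-List

# Chain status alone is not enough: a build signed before the old certificate
# was revoked can still carry a signature that chains cleanly, so the thumbprint
# comparison is what ties the binary to the replacement certificate.
if ($sig.Status -ne 'Valid') {
    Write-Warning "Signature is not valid ($($sig.Status)); do not trust this build."
} elseif ($sig.SignerCertificate.Thumbprint -ne $expected) {
    Write-Warning "Signed, but not by the expected replacement certificate; investigate."
} else {
    Write-Output 'OK: binary is signed with the expected certificate.'
}
```

Run the same check across managed endpoints to find installs still carrying the old signer before the revocation lands in their trust stores.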

This breach highlights the ongoing cybersecurity threats facing prominent companies, with AnyDesk undertaking significant measures to mitigate the impact of the attack. The incident underlines the importance of maintaining robust security practices, including regular updates and password management, to protect against potential vulnerabilities. As the cybersecurity landscape continues to evolve, incidents like these serve as a critical reminder of the need for vigilance and proactive security strategies.

3. Ivanti Unveils New Zero-Day Amid Ongoing VPN Vulnerability Crisis

Ivanti, a provider of corporate VPN solutions, has issued a warning about a new zero-day vulnerability being exploited by hackers, in addition to two previously known zero-days affecting its Connect Secure VPN appliance. Since early December, these vulnerabilities have been exploited by Chinese state-backed hackers to infiltrate customer networks and steal data. Ivanti disclosed two additional flaws, CVE-2024-21888, a privilege escalation vulnerability, and CVE-2024-21893, a server-side bug allowing unauthorized access to restricted resources, which has seen "targeted" exploitation.

Germany's Federal Office for Information Security (BSI) has reported multiple compromised systems due to these new vulnerabilities, particularly emphasizing the risk posed by the server-side bug to systems previously considered secure. Ivanti anticipates an increase in attacks following the public disclosure of these vulnerabilities. Although fewer than 20 customers were initially reported affected, Volexity's findings suggest that the actual number could be significantly higher, with at least 1,700 appliances exploited worldwide across various industries.

On the same day Ivanti announced these vulnerabilities, the company released patches for the Connect Secure VPN product, including fixes for both newly discovered flaws. This patch release, which aims to protect against both the old and new vulnerabilities, came a week later than planned. Ivanti has advised customers to perform a factory reset of their appliances before applying the patch to eliminate any lingering threats. This ongoing situation underscores the critical need for vigilance and prompt action in cybersecurity to protect against evolving threats.

Thanks for reading!

About us: Echelon is a full-service cybersecurity consultancy that offers holistic cybersecurity program building through vCISO or more specific solutions like penetration testing, red teaming, security engineering, cybersecurity compliance, and much more! Learn more about Echelon here: https://echeloncyber.com/about
