CC*CP state-sponsored Chinese attackers rely heavily on well-known but widely unpatched vulnerabilities to carry out their attacks. A US federal security agency warns that these attackers are using such flaws to "create a large network of infected infrastructure."
While previously undisclosed (zero-day) vulnerabilities and novel exploits typically make the news, a joint advisory from the US government's Cybersecurity and Infrastructure Security Agency (CISA) and the FBI cautions that exploiting "publicly known" defects has become a hallmark of Chinese cyber espionage. The advisory lists the network device CVEs that CC*CP state-sponsored cyber attackers have most commonly exploited since 2020.
The listed flaws affect small business routers, SSL VPNs, and Network Attached Storage (NAS) devices from Cisco, Fortinet, and Netgear. Some of the main attacks exploit unpatched systems through remote code execution (RCE), while others bypass authentication or elevate privileges. CC*CP-supported cyber attackers are hacking into major telecommunications corporations and network service providers using publicly available exploit code against virtual private network (VPN) services or public-facing applications, laying the groundwork for future attacks. According to the CISA alert, which builds on earlier US intelligence agency information, hacked systems "function as additional access points to route command and control communications and operate as midpoints to conduct network intrusions on other entities." Chinese attackers hide or obfuscate the origin of their attacks by constructing a network of hacked computers that serves as a platform for subsequent attacks, making detection and response more difficult. According to industry analysts, CISA's current recommendation is intended to emphasise the necessity of timely patching.
Patching at a slow pace
Threat actors appear to be focusing on well-documented and well-known vulnerabilities, presumably because they are aware that many firms are hesitant to apply patches. According to one source, "almost 90% of organisations have encountered an attempted exploit of a known, existing vulnerability."
Hidden among the well-known flaws is the real vulnerability. CISA's advisory, according to Terry Olaes, director of sales engineering at Skybox, points to the need to alter enterprise vulnerability remediation procedures to better cover less severe but actively exploited vulnerabilities. Rapid triage would aid organisations in defending themselves against a wide spectrum of potential attackers. "Cybercriminals are increasingly directing their attention to known vulnerabilities that are hidden in plain sight. They're being used as backdoors to launch complicated attacks at unprecedented rates," Olaes said. "If enterprises solely use traditional vulnerability management methodologies, they may only patch the highest severity vulnerabilities first, according to the Common Vulnerability Scoring System (CVSS)." To create a large network of compromised infrastructure, attackers simply target well-known vulnerabilities before they are patched. While previously unknown (zero-day) vulnerabilities and novel exploits typically make the news, the joint CISA and FBI advisory warns that exploiting "publicly known" flaws has become a mainstay of Chinese cyber-exploitation.
List of likely targets:
- Cisco, Fortinet, Netgear, and QNAP small business-focused routers, SSL VPNs, and Network Attached Storage (NAS) devices
- remote code execution (RCE) on unpatched systems
- authentication bypass or privilege elevation
CC*CP-backed attackers are hacking into major telecommunications corporations and network service providers using publicly available exploit code against virtual private network (VPN) services or public-facing applications, laying the groundwork for future attacks. According to CISA's recommendation, which relies on prior US intelligence agency research, hacked systems "function as additional access points to route command and control (C2) communications and operate as midpoints to conduct network attacks on other entities." Chinese APTs hide or obfuscate the source of their attacks by establishing a network of compromised computers that serves as a platform for subsequent attacks, making identification and response more difficult. According to industry analysts, CISA's current recommendation is intended to emphasise the necessity of timely patching.
Perils of tardy patching
"Last month, CISA produced a joint advisory (PDF) that advocated prioritising the patching of software containing known vulnerabilities," said Andrew Kahl, CEO of BackBox. "The fact that these two alerts came out within a month of each other implies that threat actors are active. Threat actors are increasingly targeting known vulnerabilities since they know many firms are hesitant to apply updates, as seen by the fact that these two warnings came out within a month of each other." "One of the most common avenues for attackers is through known vulnerabilities that might have been corrected otherwise," Kahl noted. In fact, "an attempted attack of an already-known, existing vulnerability has been experienced by 87 percent of organisations."
Keeping a low profile
CISA's advisory, according to Terry Olaes, director of sales engineering at Skybox, points to the need to alter enterprise vulnerability remediation procedures to better cover less severe but actively exploited vulnerabilities. Rapid triage would aid organisations in defending themselves against a wide spectrum of potential attackers. "Cybercriminals are increasingly targeting known vulnerabilities that are hidden in plain sight and converting them into backdoors to launch complicated assaults," Olaes warned. "If enterprises solely use traditional vulnerability management methodologies, they may only patch the highest severity vulnerabilities first, according to the Common Vulnerability Scoring System (CVSS)." "Cybercriminals know this is how many firms manage cybersecurity, so they've learnt to take advantage of it," Olaes said.
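The triage change Olaes describes, ranking by active exploitation and exposure before CVSS, is easy to make concrete. The following is an added example, not code from the article, CISA, or Skybox. The vulnerability records are constructed sample data with placeholder identifiers (`VULN-000x`), the asset names are invented, and the remediation deadlines are an assumed illustrative policy; in practice the `known_exploited` flag would come from an exploitation feed such as CISA's Known Exploited Vulnerabilities catalog and `internet_facing` from an asset inventory.

```python
"""Rank a vulnerability backlog by active exploitation, not CVSS alone.

Added example, not from the article or any vendor. All records below are
constructed sample data; identifiers, hosts and deadline values are
placeholders chosen to illustrate the ordering difference.
"""
from dataclasses import dataclass
from typing import Callable, List


@dataclass(frozen=True)
class Vuln:
    vuln_id: str          # placeholder identifier, not a real CVE
    asset: str            # invented hostname
    cvss: float           # CVSS base score
    known_exploited: bool  # seen exploited in the wild (e.g. on a KEV-style feed)
    internet_facing: bool  # reachable from the public internet


def cvss_only_rank(vulns: List[Vuln]) -> List[Vuln]:
    """The 'traditional' order criticised in the article: highest CVSS first."""
    return sorted(vulns, key=lambda v: -v.cvss)


def exploit_aware_rank(vulns: List[Vuln]) -> List[Vuln]:
    """Order by (actively exploited, internet-facing, CVSS).

    Python sorts tuples lexicographically and False < True, so negating the
    booleans puts exploited and exposed items first; CVSS only breaks ties.
    """
    return sorted(
        vulns,
        key=lambda v: (not v.known_exploited, not v.internet_facing, -v.cvss),
    )


def remediation_deadline_days(v: Vuln) -> int:
    """Assumed illustrative SLA: exploitation and exposure shorten the clock."""
    if v.known_exploited and v.internet_facing:
        return 7
    if v.known_exploited:
        return 14
    if v.cvss >= 9.0:
        return 30
    return 90


def top_n_ids(ranker: Callable[[List[Vuln]], List[Vuln]],
              vulns: List[Vuln], n: int = 2) -> List[str]:
    """Identifiers of the first n items a given ranking would patch."""
    return [v.vuln_id for v in ranker(vulns)[:n]]


def patch_order_differs(vulns: List[Vuln], n: int = 2) -> bool:
    """True when CVSS-only and exploit-aware triage disagree on the top n."""
    return top_n_ids(cvss_only_rank, vulns, n) != top_n_ids(exploit_aware_rank, vulns, n)


# Constructed backlog: two critical-CVSS bugs with no known exploitation,
# and two lower-scored bugs that are being exploited in the wild.
SAMPLE = [
    Vuln("VULN-0001", "core-switch-01", 9.8, known_exploited=False, internet_facing=False),
    Vuln("VULN-0002", "ssl-vpn-gw-01", 7.5, known_exploited=True, internet_facing=True),
    Vuln("VULN-0003", "nas-backup-01", 6.5, known_exploited=True, internet_facing=False),
    Vuln("VULN-0004", "branch-router-03", 9.1, known_exploited=False, internet_facing=True),
]

if __name__ == "__main__":
    print("CVSS-only order:     ", top_n_ids(cvss_only_rank, SAMPLE, 4))
    print("Exploit-aware order: ", top_n_ids(exploit_aware_rank, SAMPLE, 4))
    for v in exploit_aware_rank(SAMPLE):
        print(f"{v.vuln_id} on {v.asset}: patch within {remediation_deadline_days(v)} days")
```

Run stand-alone, the CVSS-only ranking puts the two 9.x bugs first, while the exploit-aware ranking moves the 7.5 SSL VPN flaw and the 6.5 NAS flaw to the top of the queue, which is exactly the class of "less severe but actively exploited" vulnerability the advisory is concerned with.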