Weekly Cyber News Roundup

October 16th to October 20th 2023

Content 

01. News Bites
  •  Cisco issues urgent warning to customers over actively exploited zero day vulnerability
  • Ukrainian Telecom providers hit by cyber attacks
  • Number of Irish companies hit by a cyber attack increased 22% year on year in 2023
  • Equifax still paying the price for 2017 breach as UK’s FCA fines it £11 million
  • New report shows Maritime companies paying ransoms in increasing numbers
02. Conclusion

Quick News Bites

Cisco issues urgent warning to customers over actively exploited zero day vulnerability

Cisco has issued an urgent advisory to its customers following the identification of a severe zero-day vulnerability that has been actively exploited, granting hackers administrative control over compromised networks. Cisco's Talos security team warns that successful exploitation allows the attacker to create a user account with the highest privilege level, essentially giving them full control over the affected device. The vulnerability is deemed so critical that Cisco has strongly advised its users to immediately follow remediation steps provided in its PSIRT advisory.

The security flaw, designated as CVE-2023-20198, has a maximum severity rating of 10. It affects the Web User Interface of Cisco IOS XE software when exposed to untrusted networks or the internet. Devices running IOS XE, including switches, routers, and wireless LAN controllers, are vulnerable if they have the HTTP or HTTPS Server feature enabled and are internet-exposed. According to the Shodan search engine, up to 80,000 devices connected to the internet could potentially be compromised.

Unknown threat actors have reportedly been exploiting this zero-day vulnerability since September 18. After gaining authorized user status, these attackers create a local user account and typically proceed to deploy an implant for executing malicious commands. Although the implant itself is cleared upon rebooting the system, the created user accounts remain intact.

Talos has observed that the attackers also exploit a previously patched medium-severity flaw, CVE-2021-1435, on fully patched devices through an unidentified mechanism. Cisco urgently calls for immediate action to protect vulnerable devices, emphasizing the high risk posed by this actively exploited vulnerability.

Ukrainian Telecom providers hit by cyber attacks

The Ukrainian Computer Emergency Response Team (CERT-UA) has disclosed a series of cyberattacks targeting 11 telecom providers in the country between May and September 2023. The intrusions, codenamed UAC-0165 by the agency, led to significant service disruptions for users. Initially, attackers conduct reconnaissance, scanning telecom networks for vulnerable RDP or SSH interfaces. CERT-UA notes that these activities often originate from compromised servers within Ukraine, using proxy servers like Dante and SOCKS5 to route traffic.

The attackers deploy specialized software, namely POEMGATE and POSEIDON, to steal credentials and gain remote control over infected systems. To cover their tracks, they execute a utility called WHITECAT. Furthermore, they maintain persistent unauthorized access via regular VPN accounts lacking multi-factor authentication safeguards. Successful breaches lead to attempts to disable key network and server components, specifically targeting Mikrotik equipment and data storage systems.

In a related development, CERT-UA also reported a series of phishing attacks during the first week of October 2023, executed by a group identified as UAC-0006. These attackers leverage compromised legitimate email accounts to distribute SmokeLoader malware. Their ultimate aim is to infiltrate accountants' computers to steal authentication data or manipulate financial documents in remote banking systems for fraudulent transactions.

Number of Irish companies hit by a cyber attack increased 22% year on year in 2023

New data from Hiscox has revealed a worrying surge in cyberattacks against Irish companies, with over 70% experiencing at least one cyber incident in the past year, marking a 22% rise from the previous year when only 50% reported an attack.

Ireland led in the median average number of attacks among all countries studied, witnessing a fourfold increase year-over-year. Globally, 53% of companies reported at least one cyberattack.

Corporate-owned servers were the most frequent entry points for attackers, and Payment Diversion Fraud was the most common financial repercussion. Despite the escalation, the overall cost of cyberattacks in Ireland remains 'relatively low.' Over half the companies indicated annual cyber costs below €10,000. The median cost of an attack has dropped to €8,860, and the largest single attack cost €118,128—significantly less than the €5.2 million reported in 2022.

Ireland also has the highest likelihood of paying ransoms, at 77%, but only one-third of companies reported full data recovery after payment. Cyber insurance is most prevalent in Ireland, with 69% of companies owning policies, and 44% having standalone plans. Despite IT budgets nearly doubling, cyber-specific spending saw only a marginal rise, from 22% to 23%.

Equifax still paying the price for 2017 breach as UK’s FCA fines it £11 million

Equifax has received a £11 million fine by the UK's Financial Conduct Authority (FCA) for its role in what is considered "one of the largest" data breaches in history.

The cyber security incident occurred in 2017 when Equifax Inc., the U.S.-based parent company, was hacked, compromising the personal data of as many as 147.9 million global customers. The FCA disclosed that this breach also jeopardised the personal information of 13.8 million UK-based clients.

The compromised data included customer names, birth dates, partial credit card information, addresses, and Equifax login credentials. The FCA stated that the breach was "entirely preventable," criticising Equifax for known security weaknesses and the failure to take adequate measures to safeguard UK customer data. Moreover, the UK arm of Equifax was not informed about the breach until six weeks after it was discovered by its U.S. counterpart.

In 2018, the British Information Commissioner’s Office (ICO) had already fined the company $60,727 for the data breach. Equifax revealed that it had fully cooperated with the FCA's extensive investigation, resulting in a reduced fine. Patricio Remon, the European president for Equifax, said the company has since invested over $1.5 billion in security and technology transformation.

New report shows Maritime companies paying ransoms in increasing numbers

A new report indicates a concerning rise in ransomware payments among maritime companies, with the average cost of restoring computer systems soaring to $3.2 million in 2023. Conducted by law firm HFW and maritime cybersecurity firm CyberOwl, the study surveyed over 150 industry professionals and found that 14% had paid ransoms after cyberattacks this year, a stark increase from just 3% in 2022. The report warns that new satellite systems aimed at enhancing sea connectivity could potentially expose ships to increased cyber security risks.

This follows an earlier study by DNV, suggesting that a significant majority—over 75%—of maritime professionals anticipate a strategic waterway or major port facing a cyber-induced shutdown within two years. Furthermore, 90% believe that ship or fleet operations are likely to be disrupted due to cyber threats in the near future, and over half predict that such attacks could lead to physical harm or even fatalities. The findings add urgency to growing concerns about cyber security vulnerabilities in the maritime sector.

Closing Summary

If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively Get in touch to find out how you can protect your organisation. 

Disclaimer

The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.

Need advice?

If you are worried about any of the threats outlined in this roundup or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager or fill in the form for a complimentary no-commitment consultation.

More detailed threat intelligence news?

If you’d like more detailed threat intelligence news, Integrity360 offers this as part of our security monitoring managed services.

We also offer a tailored threat intelligence monitoring service for your organisation that actively monitors for threat actors and campaigns of direct relevance to your organisation, brand damage, copycat & spoofed domains, credential leakage and dark web monitoring.

Security-first-stacked-logo4-No-Padding

Cyber Security Conference

STOCKHOLM | 17 October 2023

Integrity360's flagship conference Security First comes to Stockholm in 2023!

Join leading cybersecurity experts from across the community as we explore the latest threats and industry trends, and learn practical strategies to safeguard your organisation.