Cybersecurity Warning: Russian Hackers Are Targeting These Vulnerabilities, So Patch Now

Russian cyber attacks are being deployed with new techniques - including exploiting vulnerabilities like the recent Microsoft Exchange zero-days - as Russia's hackers continue to target governments, organisations and energy providers around the world.

A joint advisory by the US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the National Security Agency (NSA), as well as the UK National Cyber Security Centre (NCSC), looks to warn organisations about updated Tactics, Techniques and Procedures (TTPs) used by Russia's foreign intelligence service, the SVR - a group also known by cybersecurity researchers as APT29, Cozy Bear, and The Dukes.

It comes after cybersecurity agencies in the US and the UK attributed the SolarWinds attack to Russia's civilian foreign intelligence service, as well as several campaigns targeting Covid-19 vaccine developers.

"The SVR is a technologically sophisticated and highly capable cyber actor. It has developed capabilities to target organisations globally, including in the UK, US, Europe, NATO member states and Russia's neighbours," said the alert.

The advisory warns that Russian cyber attackers have updated their techniques and procedures in an effort to infiltrate networks and avoid detection, especially when some organisations have attempted to adjust their defences after previous alerts about cyber threats.

This includes the attackers using open source tool Sliver as a means of maintaining access to compromised networks and making use of numerous vulnerabilities, including vulnerabilities in Microsoft Exchange.

Sliver is an open source red team tool, used by penetration testers when legally and legitimately testing network security, but in this case it is being abused to consolidate access to networks compromised with WellMess and WellMail, custom malware associated with SVR attacks.


Although the paper warns that this isn't necessarily a full list, other vulnerabilities used by Russian attackers - all of which have security patches available - include:

  • CVE-2018-13379 FortiGate
  • CVE-2019-1653 Cisco router
  • CVE-2019-2725 Oracle WebLogic Server
  • CVE-2019-9670 Zimbra
  • CVE-2019-11510 Pulse Secure
  • CVE-2019-19781 Citrix
  • CVE-2019-7609 Kibana
  • CVE-2020-4006 VMware
  • CVE-2020-5902 F5 Big-IP
  • CVE-2020-14882 Oracle WebLogic
  • CVE-2021-21972 VMware vSphere

The attackers are also targeting mail servers as part of their attacks, as they're useful staging posts for acquiring administrator rights and gaining further network information and access, be it to build a better understanding of the network or as a direct effort to steal information.

But despite the often advanced nature of the attacks, the paper by US and UK cybersecurity authorities says that "following basic cyber security principles will make it harder for even sophisticated actors to compromise target networks".

This includes applying security patches promptly so no cyber attackers – cyber criminal or nation-state backed operative – can exploit known vulnerabilities as a means of entering or maintaining persistence on the network.

Guidance by the NCSC also suggests using multi-factor authentication to help protect the network from attack, particularly if passwords have been compromised.
