In this weekly Threat Intelligence Brief we look back at top stories and security related callouts to provide relevant and actionable insights for the information security consumer.
We reference threat intelligence gained through our position as a security provider as well as industry sources in the development of this brief.
In this edition:
Salt Typhoon telecom hack
FBI warns about criminal AI use
Holiday considerations for remote workers
CISA KEV updates
Chinese state sponsored hacking group, Salt Typhoon, is being held responsible for a successful hacking campaign targeting major US telecommunications providers over "likely one to two years" according to deputy national security advisor Anne Neuberger. The hack involves 8 major telecom companies and consists of compromising private communications, accessing wiretapping platforms, and stealing law enforcement request data. Reporting on the activity has named ‘intelligence gathering’ as the motivation for the operation and targeted individuals appear to include those in highly sensitive government positions.
In response, a joint publication titled "Enhanced Visibility and Hardening Guidance for Communications Infrastructure" was released by the FBI and CISA. As of this report's release date “identified exploitations or compromises associated with these threat actors’ activity align with existing weaknesses associated with victim infrastructure; no novel activity has been observed”. The publication goes on to list a number of different strategies for enhancing visibility, hardening infrastructure and even includes specific guidance for hardening Cisco appliances. In light of the hack, this is an ideal time for organizations to review both access and network configurations for any discrepancies.
Source: CISA
The FBI has issued a warning highlighting how criminals are leveraging generative artificial intelligence (AI) to enhance the scale and effectiveness of fraudulent schemes. By using generative AI, criminals significantly reduce the time and effort required to deceive their targets while increasing the plausibility of their scams. These AI tools process user-provided examples to generate entirely new content, enabling the creation of highly convincing material.
Generative AI also aids in minimizing human errors that could otherwise alert potential victims to fraudulent activity. While the creation or distribution of synthetic content is not inherently illegal, it can be weaponized to commit crimes such as fraud and extortion. Recognizing that distinguishing AI-generated content can be challenging, the FBI has provided examples to help the public identify how generative AI may be exploited in these schemes, promoting greater awareness and vigilance. Examples include AI-Generated Text, AI-Generated Images, AI-Generated Audio, aka Vocal Cloning and AI-Generated Videos Here are a few tips to help protect yourself:
Stay informed and alert to reduce the risk of falling victim to such evolving AI threats.
Source: FBI
As the holiday season nears, businesses often adapt to changing work patterns as employees travel, work remotely, or adjust their schedules to balance personal commitments. While this flexibility can enhance morale and productivity, it also introduces significant cybersecurity challenges.
The holiday season is a prime time for cybercriminal activity, as hackers exploit reduced staffing levels and lowered vigilance among employees caught up in the festive spirit. Remote work further amplifies these risks, with employees connecting from various locations and networks that may lack robust security measures. Ensuring the protection of sensitive company data and maintaining operational continuity during this period is more critical than ever. Organizations must stay vigilant and proactively address these seasonal vulnerabilities. A recent article from TechPulse highlights what organizations can do to help secure their remote workforce, especially during the holidays:
1. Implement a Robust VPN Solution
2. Enforce Secure Wi-Fi Practices
3. Strengthen or Implement Mobile Device Management
4. Conduct Security Awareness Training
5. Update and Enforce Access Controls
6. Enhance Email Security
7. Monitor and Patch Systems Regularly
CISA has added 4 new CVEs to their Known Exploited Vulnerability (KEV) catalog this week:
CVE-2024-11667 - Zyxel Multiple Firewalls Path Traversal Vulnerability (Known To Be Used in Ransomware Campaigns)- CVSS 9.8
CVE-2024-11680 - ProjectSend Improper Authentication Vulnerability - CVSS 9.8
CVE-2023-45727 - North Grid Proself Improper Restriction of XML External Entity (XXE) Reference Vulnerability - CVSS 7.5
CVE-2024-51378 - CyberPanel Incorrect Default Permissions Vulnerability (Known To Be Used in Ransomware Campaigns) CVSS 9.8
Don't know where to begin with vulnerability management?
Using CISAs KEV catalog as a risk-based approach can be a great way to help prioritize vulnerability remediation in your organization. This link provides guidance on how to implement the KEV CISA.
Source: Known Exploited Vulnerabilities Catalog | CISA
Coretek's managed SOC/SIEM customers benefit from the latest threat intelligence. If you're interested in learning more about what Coretek can offer your organization, please reach out: https://coretek.com/contact