Cybersecurity News – March 4, 2022

Cyberattack attempts on Ukraine surge tenfold

A Russia-supporting threat actor has compromised at least 30 Ukrainian universities as vulnerability exploit attempts have surged, according to Wordfence. The attack campaign spiked on February 25th as the invasion began. According to Mark Maunder, CEO of Defiant, the parent company of Wordfence, total attempts to exploit WordPress vulnerabilities in Ukraine reached 144,000 on the day of the invasion, around three times the daily attack volume seen earlier in the month. Their data confirms a ten-fold increase in the average daily number of attacks.

(ITSecurityGuru)

Ukraine’s “IT army” targets Belarus railway network, Russian GPS

Ukraine’s “IT army” of volunteer hackers announced a new set of targets yesterday, including the Belarusian railway network, Russian telecom companies, and GLONASS, which is Russia’s alternative to the Global Positioning System (GPS) satellite navigation network. As we have been reporting, Ukraine has called on its hacker underground to help protect critical infrastructure and conduct cyber spying missions against Russian troops. Kyiv announced the formation of its “IT army” on Saturday. This attack on the Belarusian railway network appears to be different from the ransomware attack that was deployed in late January.

(Reuters)

Eight-character passwords can be cracked in less than 60 minutes

In a new research paper published yesterday, Hive Systems states that any password with fewer than seven characters can be brute-forced “instantly.” Its findings show how more accessible and affordable cloud computing services make it simpler to crack passwords than two years ago, when the company showed that a relatively strong eight-character password was crackable in eight hours. They further state that password managers are the best bet for protecting passwords, noting that a 12-character password created by a password manager could take some 3,000 years to brute-force.

(Dark Reading)

Free decryptor released for HermeticRansom victims in Ukraine

Avast has released a decryptor for the HermeticRansom ransomware strain used in targeted attacks against Ukrainian systems over the past ten days. The decryptor is offered as a free-to-download tool from Avast’s website and can help Ukrainians restore their data quickly and reliably. The first signs of HermeticRansom’s distribution were observed by ESET researchers on February 23, mere hours before the invasion of Russian troops unfolded in Ukraine.

(Bleeping Computer)

There are many misconceptions about security automation, so Torq is debunking a security automation myth each day this week.

Myth 5: You Should Automate All Security Processes
False. You should automate routine, repetitive tasks that are not subject to much conditional variance. But workflows that can’t be reliably managed by automation tools, such as assessing the financial consequences of a breach or determining whether a security incident should trigger an application rollback, should remain the domain of humans. To learn more about the realities of automation, head to torq.io.

Cisco patches critical vulnerabilities in Expressway, TelePresence VCS products

Tracked as CVE-2022-20754 and CVE-2022-20755 and featuring a CVSS score of 9.0, the two security holes can be exploited by a remote, authenticated attacker to write files or execute code on the underlying operating system with root privileges. Residing in the cluster database API of Expressway and TelePresence VCS, the first of the issues can be exploited to launch directory traversal attacks and overwrite arbitrary files on the underlying OS, with root privileges, and the second bug can be exploited for arbitrary code execution, Cisco explains in an advisory. The company says it is not aware of any of these vulnerabilities being exploited in attacks, however, it advises customers to update to a patch release as soon as possible.

(SecurityWeek)

Amazon Alexa can be hijacked via commands from own speaker

Without a critical update, Amazon Alexa devices could wake themselves up and start executing audio commands issued by a remote attacker, according to infosec researchers at Royal Holloway, University of London. They discovered the flaw, nicknamed Alexa versus Alexa (AvA), and describe it as “a command self-issue vulnerability, in which self-activation of the Echo device happens when an audio file reproduced by the device itself contains a voice command.” The researchers suggested in their paper that the triggering files could be hosted on an internet radio station tunable by an Amazon Echo.

(The Register)

Cyberattacks in Ukraine could reach other countries

While the majority of cyberattacks in Ukraine are planned and highly targeted, there are signs that things are set to change. A new Trojan dubbed “FoxBlade” was discovered by Microsoft researchers on Ukrainian government systems that would allow attackers to use infected PCs in DDoS attacks. Experts are concerned that malware operators will try to infect as many systems as possible with it, inside and outside of Ukraine, to make the attacks more powerful.

(ITSecurityGuru)

Over 100,000 medical infusion pumps vulnerable to attack

Researchers from Palo Alto Networks have analyzed more than 200,000 medical infusion pumps on the networks of hospitals and other healthcare organizations and discovered that 75% are affected by known vulnerabilities that could be exploited by attackers. One of the most interesting findings that emerged from the report is that 52% of all infusion pumps analyzed by the experts were susceptible to two vulnerabilities publicly disclosed in 2019. These data are disconcerting considering that the average infusion pump has a life of eight to ten years. Of the top ten vulnerabilities identified, six had a CVSS score of 9.8.

(Security Affairs)


Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.