Cybersecurity News: Cyberattacks hit Taiwan, Cisco router flaws, DoJ prefers paper

Cyberattacks hit Taiwan to coincide with Speaker Pelosi’s visit

U.S. House of Representatives Speaker Nancy Pelosi made a quick visit to Taiwan this week, and as a result, Taipei experienced a sharp increase in cyberattacks. According to Reuters, “Taiwan’s digital minister Audrey Tang said the volume of cyberattacks on Taiwan government units on Tuesday, before and during Pelosi’s arrival, surpassed 15,000 gigabits, 23 times higher than the previous daily record.” Most of the attacks originated from addresses in China and Russia but were being attributed to opportunistic hacktivists rather than to the Chinese government. An attack on Taiwan’s presidential website was followed by a DDoS attack on Taiwan’s Ministry of National Defense on Wednesday, just after her departure. None of the attacks appears to have caused significant or lasting damage.

(Reuters and The Register)

Cisco addresses critical flaws in Small Business VPN routers

The flaw, tracked as CVE-2022-20842, resides in the web-based management interface of several Cisco Small Business VPN routers. It could allow an unauthenticated attacker to execute arbitrary code or trigger a denial of service (DoS) condition by causing an affected device to restart unexpectedly. According to an advisory published by Cisco, “the vulnerability is due to insufficient validation of user-supplied input to the web-based management interface.” It has received a CVSS score of 9.8, and Cisco points out that there are no workarounds that address this vulnerability.

(Security Affairs)

DOJ now relies on paper for its most sensitive court documents, official says

The Justice Department has been filing its most sensitive documents the old-school way since January 2021 to avoid any chance that a breach or vulnerability in electronic filing systems could compromise its high-stakes cases. In an interview this past week, Deputy Assistant Attorney General for National Security Adam Hickey told CyberScoop “the department implemented the policy last year but did not connect that change to any specific breach or cybersecurity event.” However, the Administrative Office of the U.S. Courts did reveal “an apparent compromise” of the court system’s electronic case files on Jan. 6, 2021, as well as “an incredibly significant and sophisticated cybersecurity breach,” that happened in early 2020 and “had lingering impacts” on the DOJ and other agencies.

(Cyberscoop)

New Linux malware brute-forces SSH servers to breach networks

A new botnet called ‘RapperBot’, which has been in use since mid-June, is using brute force to penetrate Linux SSH servers. Based on the Mirai trojan, RapperBot deviates from the original malware’s style of uncontrolled propagation to as many devices as possible, focusing instead on gaining initial server access as a foothold for lateral movement within a network. In the six weeks since its discovery, it has used over 3,500 unique IPs worldwide to scan for Linux SSH servers and attempt to brute-force them.

(Bleeping Computer)

Microsoft bolsters threat intelligence security portfolio with two new products

Drawing from last year’s acquisition of RiskIQ, Microsoft is adding two new threat-intelligence applications to its Defender product family, and separately offering new detection and response capabilities for SAP ERP systems to its Sentinel (security information and event management) product. Microsoft has developed Microsoft Defender Threat Intelligence, a standalone library of raw adversary data, which it says it is offering for free, accessible directly by all users, or from within its existing Defender family of security products. Microsoft has also released Microsoft Defender External Attack Surface Management, designed to scan users’ computing environments and connections to provide security teams with the same view an attacker has of their organization while selecting a target.

(CSOOnline)

VMware urges users to patch critical authentication bypass bug

VMware is urging users to patch multiple products affected by a critical authentication bypass vulnerability that can allow an attacker to gain administrative access to a system. The bug, tracked as CVE-2022-31656 with a CVSS rating of 9.8, is one of many fixes the company delivered in an update released on Tuesday. The critical authentication bypass bug is seen as the most dangerous of these vulnerabilities, and “likely will become more so as the researcher who discovered it–Petrus Viet of VNG Security–has promised in a tweet that a proof-of-concept exploit for the bug is soon to follow.”

(ThreatPost)

Hive group demands £500,000 from British schools, citing cyber insurance policy

The Hive ransomware group is demanding £500,000 (about $608,000) from two schools in England. Students and parents of the Wootton Upper School and Kimberley College — which are both owned by Wootton Academy Trust in Bedfordshire, England — were informed last week by the hacking group that students’ home addresses, banking information, and medical records had been exfiltrated and would be leaked if no payment was forthcoming. “Allan Liska, a ransomware expert at Recorded Future, called such a threat ‘bluster’ aimed at frightening the parents, stating that having a £500,000 cyber insurance policy does not mean that an insurance company will pay it.”

(The Record)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.