Cyber Security Today, August 23, 2021 – Exchange Servers Under Attack, Ransomware Tips, and Industrial Control System Vulnerabilities Continue to Rise
Attacked Exchange servers, ransomware advice, and vulnerabilities in industrial control systems are on the rise.
Welcome to cybersecurity today. It’s Monday August 23. I’m Howard Solomon, contributing author on cybersecurity for ITWorldCanada.com.
IT administrators apparently do not receive the message about patching the on-premises versions of Microsoft Exchange. On Saturday, the U.S. Agency for Cyber and Infrastructure Security issued an urgent alert reminding administrators to install security updates for Exchange to protect against the exploitation of so-called ProxyShell vulnerabilities. . Microsoft released these fixes in May after being alerted to the possibility that these bugs could be used by attackers. On August 9, I reported to listeners that attackers were actively exploiting the vulnerabilities. But Huntress Labs researchers have seen an increase in scans of vulnerable Exchange servers from the end of last week. The US agency’s warning is another reminder that attackers always find unpatched versions of Exchange Server.
It comes because Symantec warns that vulnerabilities in Exchange called PetitPotam are exploited to install the new LockFile ransomware. After entering a victim’s network through Exchange Server, the PetitPotam vulnerability is used to gain access to domain controllers which are then used to install the ransomware. Symantec has seen at least 10 organizations affected by this ransomware. Microsoft has released mitigation measures for PetitPotam vulnerabilities.
Threat actors are believed to be using the unpatched ProxyShell vulnerabilities to launch Lockfile ransomware attacks.
For these IT administrators still without a ransomware strategy, the Cyber Security and Infrastructure Agency released a four-page guide last week. Among the tips: Keep offline encrypted backups of data; regularly test backup restoration procedures; have a cyber incident response plan to respond to any loss of critical IT functions; shutting down unnecessary remote access capabilities; regularly analyze applications to detect software vulnerabilities identified by vendors and correct them quickly; make sure antivirus and anti-malware software are up to date; and train employees to recognize suspicious emails and texts.
The canadian government Center for Cyber Security reminds IT administrators that Fortinet has released an important update for its FortiWeb management console. A command injection vulnerability could allow an attacker to gain access to a system.
The Center also notes that industrial equipment maker Siemens has released a firmware update for its client SINEMA Remote Connect, which is used to remotely connect to factories or machines.
While I’m on the subject of industrial equipment, a company that manufactures solutions to protect industrial control systems (ICS) says the number of vulnerabilities found in ICS products and operational technology continues to increase. In its latest report, Claroty found that 637 ICS vulnerabilities were disclosed in the first half of the year. This is almost 200 more than in the previous six months. But while 60 percent of software issues have been resolved, nearly 62 percent of defects in product firmware have gone unresolved or only a partial fix recommended. This is just the latest proof that it is difficult to find and fix bugs in industrial equipment connected to the Internet.
That’s it for now Remember that the links to the details on the podcast stories can be found in the text version at ITWorldCanada.com. This is where you will find other stories of mine as well.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts, or add us to your Flash Briefing on your smart speaker.