Cybersecurity 2022
As we have seen in just the first four weeks of 2022, the threats are not going away. The Advanced Persistent Threat (APT) groups are increasing in number and in the scale of their capabilities, and they include individuals who are incredibly smart. But on top of that we have situations like the one announced yesterday: a 12-year-old vulnerability in every distribution of Linux (from Red Hat to Kali) in which an attacker who gains access to a non-root account can elevate privileges to root without the need for authentication. My point in saying this is that it is not just the cybercriminals that are causing the situation we currently face in the world. We also have other factors, including operating system (OS) vulnerabilities, software vulnerabilities, misconfigurations of the system and network architecture, and countless other potential entry points. All that, and still not mentioning the end user. All of which I will go through... I hope this newsletter finds you happy, able to access it, and ready for the weekend!
To start, what is going on in the cybersecurity world today? Malware, with subtypes including but not limited to: Trojans (RAT or not), ransomware, killware, and spyware. And that is just the malware; not included are the vulnerabilities being found every day in systems from Microsoft Windows to CentOS to every Linux distro, as I mentioned earlier in the article. Those are just the operating systems; software, especially outward-facing software (meaning connected to and used from the Internet in some manner), is having vulnerabilities found weekly. Package libraries for coding languages, including huge names like Python (25+ years old) and JavaScript, are introducing malware. VMware's ESXi hosts have vulnerabilities now allowing remote control access via the iLO (in layman's terms, a remote management tool) and via other means in the code of the systems that allows virtual machine creation. I will stop here for now in the listing of things, or this would be an endless newsletter and more of a book.
To go back to what I mentioned earlier and delve deeper into what is going on, let's start with the current situation in operating systems (OS). OSs have been facing the same heightened criminal activity that all software and organizations have been, as well as researchers looking to protect themselves and others from vulnerabilities in the OS that would allow an attacker access to the machine. At this time we have things such as MSHTML, a Windows-based threat that allows for many different attacks because it gives the attacker full access to the machine. We have CentOS dealing with a vulnerability allowing the same thing due to its encryption, as well as all Linux distros having been vulnerable for the last 12 years to privilege escalation, meaning if they can get into the server they can own the server. macOS released an update yesterday patching its vulnerability that was found in Safari, allowing the same. So regardless of the system you are running, there is a method by which an attacker, if they truly desire, can get into your system.
Software vulnerabilities, while I did not put together a list, are there daily, in that human beings are coding these applications, and thus, what do we say? "No One Is Perfect." Well, it seems no group is perfect either, but in addition to that, programming is done in chunks: one person may be working on one piece of the code while another works on a separate piece. What they do not realize is that when combined, these pieces allow an attacker to get into the system. That is what QA is for, but as we have seen, QA is not catching everything, as it is human-based as well. While there are products (even GitHub has one) that will scan for vulnerabilities, there is still no 100% reliable detection system for the programming errors that allow vulnerabilities to be exploited. I will go ahead and mention the libraries I was talking about earlier: so far WordPress, JavaScript with NPM, and Python with PyPI have all had widely used libraries that insert either backdoors into the system or malware-spreading tools, so that upon the site being visited your machine is infected. Which leads to another mention I wanted to make earlier: yesterday Microsoft Security mitigated the largest DDoS (Distributed Denial-of-Service) attack in history, at 3.6 Tbps, most likely stemming from these vulnerabilities, as no one machine has that much bandwidth. It is a group of machines networked together into what we call a botnet, all set to attack a target at the same time, thus filling that target's bandwidth capacity and shutting down its networking capabilities.
The fact that 3.6 Tbps was reached is incredible, but it also happened the day before the disclosure that a supplier of power components to both Apple and Tesla had been attacked via ransomware, with 12,000+ endpoints and 1,400+ servers encrypted. If, prior to deploying that ransomware, the attackers had run a botnet DDoS attack, that would be roughly the number of machines it would take to achieve such a large-scale attack.
Next I mentioned network and system misconfiguration. Again, nobody is perfect, so when we see all of these cloud-based systems breached, it is most likely due to a misconfiguration somewhere. Because in all reality a cloud is simply a set of computers in a datacenter that you don't own or maintain; otherwise we would simply call it a network, with a datacenter if self-managed. Although we have had situations like F5 patching a hole last week, and VMware, as I mentioned, has both ESXi and iLO issues right now, in the grand scheme of things the primary cause of breaches of secured networks or clouds is misconfiguration due to human error.
Now we get to the end user... In any situation the end user is going to be your weakest point, be it from phishing, smishing, or actual phone calls using social engineering methods. Attackers are gaining access to end-user credentials, which then allows the vulnerabilities mentioned, such as privilege escalation, to be exploited instantly without having to password spray, dictionary attack, or brute-force the password. Until we have artificial intelligence managing all aspects of the network from end to end this will be the case, and even then we have the question of whether the AI was designed by AI or by humans, as if by humans it most likely has a vulnerability. However, as of yesterday I saw an article about AI building AI ("Grey Matter Fear", look it up if you don't know). The best thing we can do is keep our end users up to date knowledge-wise, train them, and show them the 678 billion dollars that North Korea alone obtained through cybercriminal activity in 2021. Ensure that they have secure passwords, in addition to multi-factor authentication (MFA) preferably, although we are finding more and more ways to bypass that as well.
All in all, this is really just an overview; if you want to see what is going on in the world, follow me. I prefer connecting if we are in the same industry with similar passions. But stay alert! By the way, I left political tensions out of this not out of fear but due to length. Obviously right now we have Ukraine vs. Russia, which means US (NATO) vs. Russia... we have already had one potential false flag identified from Ukraine, as a pro-Ukrainian-government group attempting to gain allies by attacking and WIPING the data from their own government's computers. But if you must know, many of these APT groups are backed by a country, and thus their operations involve attacks for that country and for themselves, to be able to gain the finances to continue. Politics and war are changing; the face of modern warfare starts with a programmer in his basement shutting down your national power grid, communications array, and water supply. Or, more importantly, there is a mentioned but not confirmed attack on the Russian railway supply lines to Ukraine; as we have seen in every war since Alexander the Great, if you cannot supply the front line properly then you are destined to lose.
So everyone, please feel free to comment, critique, and debate this newsletter. But we are living in a cybercriminal's dreamworld right now, and it is time to change; but the question is HOW do we do that with human beings still at the center of it all!
Aaron Lax (aaron.lax@thelaxerz.us)
Technology will define not only our lifestyle but also how society will evolve in its relationships.
Info Systems Coordinator, Technologist and Futurist, Thinkers360 Thought Leader and CSI Group Founder. Manage The Intelligence Community and The Dept of Homeland Security LinkedIn Groups. Advisor
2y Thank you for the like, Frank Feather - QuantumAiFuturist, honor to have you like it as well.
Thank you for this content!
🔴 "Top Voice" Speaker & Consultant 🔴World-Leading Business Futurist ✅183x Keynotes ✅Quantum AI Metaverse Strategist ✅Board Member, CSuite Advisor ✅8x Author 🔴 Global Village Mindset 🌐 One Human DEI Family
2y Cybersecurity is a major global crisis that gets worse by the day. There are going to be massive events that will send shock waves around the world.