Merlin Labs Memo -- Week of July 8-12

Going for Gold in Cybersecurity: Defending the Olympic Games

The Olympic Games, known worldwide for unity and athletic excellence, have increasingly become targets for cyber threats. Past incidents, such as the cyberattacks on the PyeongChang 2018 and Tokyo 2020 Olympics, highlight the growing risks. With the Paris 2024 Summer Olympics approaching, comprehensive cybersecurity measures are being implemented to prevent disruptions. These include international collaborations, crisis simulations, and strong public-private partnerships to secure the event from potential cyber threats. 

Our Take: We fully support the increased focus on cybersecurity for large-scale events like the Olympic Games. The proactive steps taken by the French government and international partners are crucial in addressing the high stakes associated with potential cyber threats, ranging from state-sponsored attacks to cybercriminal activities.

However, an additional layer of protection can be added: Cyber Identity and Privileged Access Management (PAM). Ensuring that only authorized individuals can access critical systems and data is crucial. Advanced PAM solutions, such as those provided by CyberArk, can effectively prevent unauthorized access and reduce the risk of insider threats, adding a solid layer of security.

CyberArk PAM improves security controls by providing robust mechanisms to control and monitor privileged access across all systems. This ensures that only authorized users can access sensitive information, significantly reducing the risk of cyber incidents. Insider threats also pose a significant risk; CyberArk PAM offers detailed session monitoring and recording capabilities, making it easier to detect and respond to suspicious activity in real time. With the capacity to scale according to the needs of any organization, CyberArk’s solutions are adaptable for events of all sizes, making them ideal for securing the complex infrastructure of the Olympic Games.

Continuous monitoring is also a critical component of cybersecurity. Real-time threat detection and response capabilities are crucial for quickly addressing and neutralizing cyber threats. AI-driven security analytics is a game-changer, significantly enhancing these efforts by identifying patterns and anomalies that may indicate an impending cyberattack.

While the existing measures provide a solid foundation, incorporating advanced cybersecurity solutions like PAM and AI-driven monitoring is beneficial and necessary. These solutions offer an extra layer of defense, ensuring the Olympic Games can proceed without disruption, preserving the integrity and spirit of this global event.  – Daniel McGregor

Hackers Are Using GrimResource to Bypass Microsoft's Defenses

“Threat actors are exploiting a novel attack technique in the wild that leverages specially crafted management saved console (MSC) files to gain full code execution using Microsoft Management Console (MMC) and evade security defenses.

Elastic Security Labs has codenamed the approach GrimResource after identifying an artifact ("sccm-updater.msc") that was uploaded to the VirusTotal malware scanning platform on June 6, 2024.

"When a maliciously crafted console file is imported, a vulnerability in one of the MMC libraries can lead to running adversary code, including malware," the company said in a statement shared with The Hacker News.

"Attackers can combine this technique with DotNetToJScript to gain arbitrary code execution, which can lead to unauthorized access, system takeover and more."

The use of uncommon file types as a malware distribution vector is seen as an alternative attempt by adversaries to get around security guardrails erected by Microsoft in recent years, including disabling macros by default in Office files downloaded from the internet.

Last month, South Korean cybersecurity firm Genians detailed the use of a malicious MSC file by the North Korea-linked Kimsuky hacking group to deliver malware.

GrimResource, on the other hand, exploits a cross-site scripting (XSS) flaw present in the apds.dll library to execute arbitrary JavaScript code in the context of MMC. The XSS flaw was originally reported to Microsoft and Adobe in late 2018, although it remains unpatched to date.”

Our Take: The GrimResource attack technique once again highlights significant shortcomings in Microsoft's approach to security. Despite being aware of critical vulnerabilities, such as the XSS flaw in the apds.dll library, Microsoft's delayed response exposes users to unnecessary and prolonged risks. While the company has implemented reactive measures, such as disabling macros in downloaded Office files, this doesn’t address the deeper issue: the behemoth software companies are aware of issues within their code yet refuse to patch them, failing to protect the interests of their customers.

Cyber threat actors will continue to improvise, and it seems as if Microsoft is standing still with legacy architecture that makes securing its components nearly impossible. Microsoft would be wise not only to patch known vulnerabilities promptly but also to adopt a more proactive and diligent approach to writing code that is secure by design. It shocks me that I am still seeing organizations trusting Microsoft for security tools while their flagship products are ignored when security researchers present them with data. – Rick Friend, CISSP
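Because the apds.dll flaw is unpatched, the practical defence for the technique quoted above is to triage .msc files before mmc.exe opens them. The script below is an added example written for this memo; it is not code from Elastic Security Labs or The Hacker News. It assumes what is public about the file format (a saved console is XML rooted at MMC_ConsoleFile with string-table entries) and uses its own heuristics: a benign console has no reason to reference apds.dll, the res:// handler, a javascript: URL or <script> markup. The two sample consoles are constructed, and the res://apds.dll/redirect.html URI shape and placeholder payload are this example's assumption of how such an entry looks, not a working exploit.

```python
import re
import xml.etree.ElementTree as ET

# Indicator heuristics for GrimResource-style MSC files. These are this
# example's own assumptions about what a tampered console looks like, not
# Elastic's published detection logic.
INDICATORS = [
    ("apds_dll_reference", re.compile(r"apds\.dll", re.IGNORECASE)),
    ("res_protocol_uri", re.compile(r"res://", re.IGNORECASE)),
    ("javascript_uri", re.compile(r"javascript:", re.IGNORECASE)),
    ("script_markup", re.compile(r"<\s*script\b", re.IGNORECASE)),
]

EXPECTED_ROOT = "MMC_ConsoleFile"  # root element of a saved MMC console


def _string_fields(root):
    """Yield (location, value) for every non-blank text node and attribute."""
    for elem in root.iter():
        if elem.text and elem.text.strip():
            yield elem.tag, elem.text
        for name, value in elem.attrib.items():
            yield f"{elem.tag}@{name}", value


def scan_msc(xml_text: str) -> list:
    """Return a list of findings; an empty list means nothing suspicious."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # A console file that does not parse still deserves an analyst's eye.
        return [{"indicator": "unparseable_xml", "where": "document", "detail": str(exc)}]
    findings = []
    if root.tag != EXPECTED_ROOT:
        findings.append({"indicator": "unexpected_root", "where": root.tag,
                         "detail": "root element is not MMC_ConsoleFile"})
    for where, value in _string_fields(root):
        for name, pattern in INDICATORS:
            match = pattern.search(value)
            if match:
                start = max(0, match.start() - 20)
                findings.append({"indicator": name, "where": where,
                                 "detail": value[start:match.end() + 40]})
    return findings


def is_suspicious(xml_text: str) -> bool:
    return bool(scan_msc(xml_text))


# Constructed sample: a minimal benign console file.
BENIGN_MSC = """<MMC_ConsoleFile ConsoleVersion="3.0" ProgramMode="User">
  <StringTables>
    <StringTable>
      <Strings>
        <String ID="1" Refs="1">Console Root</String>
        <String ID="2" Refs="1">Favorites</String>
      </Strings>
    </StringTable>
  </StringTables>
</MMC_ConsoleFile>"""

# Constructed sample: the same skeleton with a string-table entry pointing at
# the apds.dll redirect page with a javascript: target, plus embedded HTML.
# The payload is a harmless placeholder, not an exploit.
SUSPICIOUS_MSC = """<MMC_ConsoleFile ConsoleVersion="3.0" ProgramMode="User">
  <StringTables>
    <StringTable>
      <Strings>
        <String ID="1" Refs="1">Console Root</String>
        <String ID="2" Refs="1">res://apds.dll/redirect.html?target=javascript:alert(1)</String>
        <String ID="3" Refs="1"><![CDATA[<html><script>/* placeholder */</script></html>]]></String>
      </Strings>
    </StringTable>
  </StringTables>
</MMC_ConsoleFile>"""


if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_MSC), ("suspicious", SUSPICIOUS_MSC)):
        results = scan_msc(sample) or [{"indicator": "clean", "where": "-", "detail": ""}]
        for finding in results:
            print(f"{label}: {finding['indicator']} in {finding['where']}: {finding['detail']}")
```

Run it against .msc attachments pulled from the mail gateway or from user download folders; any hit on the apds.dll or javascript: indicators is worth quarantining before a user double-clicks the file, and the unparseable and unexpected-root cases catch files that are merely named .msc. String matching on the XML is deliberately simple; an attacker can obfuscate the JavaScript, but the reference to apds.dll itself has to survive for the technique described above to work, which is what makes it the indicator to key on.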

Readers of our Newsletter: What’s working, what’s not, and what’s on your mind? Leave a comment below or email labs@merlincyber.com. Thank you!