Author: Chase Snyder, Sr. PMM, Xage Security
This is the monthly zero trust cyber risk roundup highlighting key news and actionable insights for enterprises looking to stop the next cyberattack by land, by sea, or in space. Our August 2024 Cyber Risk Roundup offers a quick peek at this month’s big stories. Follow Xage Security on LinkedIn for daily updates on cyber risk and global events.
New Zero Days in Versa Director Exploited by Chinese APT “Volt Typhoon”
New 0-day vulnerabilities in U.S. internet infrastructure are thought to be exploited by Chinese APT “Volt Typhoon” as reported by KrebsOnSecurity and others. Versa, the vulnerable vendor, blames customers for lack of cyber hardening and poor firewall practices, leaving management ports exposed. Read more from KrebsOnSecurity.
The “3 Billion People” Leak and the Rise of 3rd Party Data Breaches
This month, a data leak claiming to contain personal records of 3 billion people hit the headlines and cast the notion of “third-party data breaches” back into the spotlight. When a data aggregator whose whole business is to buy or collect data from other parties gets hacked, who is most at risk, and who is accountable? Read more on Bleeping Computer.
Toyota also suffered a third-party data breach, with 240GB of customer and employee data being posted to hacker forums. The company says its own systems have not been compromised and that the data was stolen from a third party. Risk mitigation, breach prevention, and data security each have layers of complexity, and those layers are exacerbated when the breach happens at a third party. Read more on DarkReading.
Critical Infrastructure Attacks: SeaTac Airport, Sea Ports & Halliburton
Critical infrastructure sectors including aviation, transportation and logistics, oil and gas, and more have seen increasing operational disruption from cyberattacks and security incidents. The Seattle Times reported that SeaTac airport was resorting to manual processes, even handwriting boarding passes, and that “most” luggage was delayed after a cybersecurity incident. Seattle-area maritime ports are also reportedly affected, as reported by Industrial Cyber.
The oil and gas giant Halliburton also suffered an unrelated attack that nevertheless underscores the increasing disruption of critical infrastructure by cybersecurity incidents. Oil and gas organizations have faced increasing scrutiny of their cybersecurity practices since the Colonial Pipeline attack in 2021 disrupted fuel availability across the East Coast of the U.S.
Industrial Cyber’s reporting included commentary from Xage co-founder and SVP products Roman Arutyunov on the urgency of adopting zero trust security practices in critical infrastructure:
“Securing our infrastructure is not just about protecting individual companies; it’s about safeguarding the fabric of our society, economy, and the global supply chain,” said Arutyunov.
Protecting Your Assets from a Recent ESXi Vulnerability
Microsoft uncovered a vulnerability in the ESXi hypervisor, CVE-2024-37085, that allows a malicious user with sufficient permissions to gain full access to a domain-joined ESXi host. The vulnerability can be exploited once an attacker has gained enough privilege through a previously successful attack.
This authentication bypass is the latest vulnerability in ESXi hypervisors, but it won’t be the last. Given the popularity of the ESXi platform and its tight integration with other IT/OT systems in major organizations, ESXi hypervisors will always remain an appealing target for cyber attackers. With an increase in attacks that lead to initial access or full admin control, organizations must proactively protect themselves against multiplying vulnerability exploits. Here’s a quick summary of what we know about the ESXi vulnerability, and how Xage can protect assets even before they have been patched.
The Rise of Privilege Escalation, Patch Tuesday and Beyond
The August Patch Tuesday brought 36 privilege escalation vulnerabilities to light, far more than any other vulnerability class. Furthermore, at least six of the vulnerabilities were listed as “Exploitation Detected,” meaning that they were already being used in the wild. Earlier this year, the Verizon Data Breach Investigations Report noted that vulnerability exploitation had seen a 180% increase as a factor in data breaches compared to previous years. These numbers may or may not indicate a broader trend in cyberattacker behavior, but at the very least they’re a reminder that patching vulnerabilities on the CISA KEV list is an important way to protect your organization. Learn more about privilege escalation techniques based on high-profile examples.
Mistakes To Avoid Before and After a Ransomware Attack
A ransomware attack isn’t something that happens in a moment and then ends. Ransomware campaigns can proceed over months or years, and successful ones can take just as long to clean up and recover from. Forbes put together the best advice on pre- and post-ransomware mistakes to avoid from CISOs, CEOs, and other cybersecurity leaders, including Xage’s CEO Geoffrey Mattson. Read More.
Boardroom Defense: Questions About Cybersecurity
Boards of directors are taking a more active interest than ever in the cybersecurity practices of their companies. As the financial impact and individual accountability for cybersecurity incidents have increased and shifted, now is the time for CISOs and boards to learn to work together. Xage’s own Executive Chair wrote some thoughts for Forbes on the kinds of questions the board should be asking. Read more.
P.S. We’re hosting a fireside chat soon between Victor Chang, two-time CISO and frequent security advisor to boards, and Mathieu Gorge, CEO of Vigitrust and author of “The Cyber Elephant in the Board Room.” Register now.
The Gigantic and Unregulated Power Plants In The Cloud
An “ethical hacker” showed he was able to take control of 4 million smart solar arrays in the EU, driving questions about the security of Europe’s energy grid. Read more.
Securing Autonomous Manufacturing Operations
Autonomous systems can bring massive productivity gains to manufacturing and other industries, but the cybersecurity risks must be mitigated to achieve these gains without putting business operations in jeopardy. Xage and Yokogawa Engineering Asia have partnered to bring zero trust security to the cutting edge of industrial operations and autonomous systems. Learn more.
Follow Xage Security on LinkedIn for daily updates on cyber risk and zero trust security.