This month’s cyber threat landscape underscores a critical trend: malicious actors are exploiting systemic vulnerabilities in critical infrastructure and enterprise technologies, with state-sponsored and highly sophisticated threat groups leading the charge. From breaches in telecommunications networks to zero-day exploits and privilege escalation campaigns, attackers are focusing on sectors with high-value data and national security implications.
A common thread ties these incidents together: the exploitation of insecure legacy systems, unpatched vulnerabilities, and advanced attack techniques such as spear-phishing, malicious RDP files, and memory-extracting malware. These methods enable attackers to gain unauthorized access, escalate privileges, and persist within compromised networks, amplifying the risk to global organizations and national security.
Every edition of the Cyber Risk Roundup, we break down the top stories of the month. Here’s what you need to know for November 2024.
State-Sponsored Attacks on Telecom Continue
A Chinese state-sponsored hacking group, Salt Typhoon, infiltrated major U.S. telecommunications networks, including AT&T, Verizon, and Lumen Technologies – with T-Mobile joining the growing list this month. The breach aimed to spy on high-value intelligence targets by accessing communication records, call logs, and unencrypted texts of senior national security officials, posing significant national security risks.
This campaign is part of a broader trend of attacks on the industry globally – with attacks reported in Africa and Asia as well. A CrowdStrike representative testified before the US Senate Judiciary Subcommittee on Privacy, Technology, and the Law this month about another China-backed group, Liminal Panda, which has been actively targeting the industry since 2020. As in so many attacks on critical infrastructure, the group leverages insecure legacy systems as its foothold for launching attacks.
RDP Claims Another Victim, But Not How You’d Think
Microsoft warned that a nation-state-backed group, Midnight Blizzard, is conducting a sophisticated campaign targeting critical sectors like government, NGOs, academia, and defense organizations. The attack group leveraged a combination of spear-phishing and malicious Remote Desktop Protocol (RDP) files as email attachments to gain extensive access to sensitive data.
Learn how Xage Security safeguards organizations against RDP-based attacks.
Firewall CVE Allows Attackers Admin Access
Palo Alto Networks released an advisory for a critical flaw (CVE-2024-0012) in their Next-Generation Firewalls that allows attackers to bypass authentication and gain admin access via the management interface. The bug has a severity score of 9.3 out of 10, putting it in the most severe category. Exploits have been observed in the wild, and enterprises are advised to apply the available patches immediately.
Critical Fortinet VPN Zero-Day Vulnerability
A zero-day vulnerability in Fortinet’s Windows VPN client has been exploited using the DeepData malware framework, developed by the China-linked threat actor BrazenBamboo. The malware extracts sensitive information, including usernames and passwords, directly from the application’s memory. Despite being reported in July 2024, this vulnerability remains unpatched, posing a significant threat to affected systems.
Privilege Escalation Threats Are on the Rise – What to Do
Privilege escalation attacks occur when malicious actors exploit vulnerabilities or misconfigurations to gain elevated permissions or unauthorized access within an organization’s systems. These attacks often allow attackers to move laterally across networks, access sensitive data, and compromise critical systems, which makes privileged access a prime target.
In his latest Forbes article, Xage CEO Geoffrey Mattson underscores the need to rethink traditional PAM models to combat privilege escalation threats effectively. Traditional PAM approaches, which focus solely on protecting privileged accounts, are insufficient in today’s landscape, where privilege escalation techniques can exploit any user or entity within an enterprise. The article advocates for a comprehensive PAM strategy that enforces the principle of least privilege, ensuring users have access only to the resources they need.
In case you missed it, Xage recently announced Xage XPAM – a next-generation PAM solution designed to address privilege escalation attacks and the other complexities of modern cybersecurity.
Want to learn more?
Read what analyst firm Enterprise Strategy Group (ESG) had to say about the challenges with legacy PAM and the XPAM approach.