Chinese cyber threat actors are widely abusing well-known attacks to infiltrate networks, CISA warns

Chinese state-sponsored attackers are placing a heavy reliance on known but commonly unpatched vulnerabilities to “establish a broad network of compromised infrastructure”, a US federal security agency warns.

While previously unknown (zero-day) vulnerabilities and novel exploits usually grab the most headlines, a joint advisory from the US government’s Cybersecurity and Infrastructure Security Agency (CISA) and the FBI warns that attacking “publicly known” flaws has become a mainstay of Chinese cyber-espionage.

Hit list

The advisory offers a list of network device CVEs most frequently exploited by PRC state-sponsored cyber actors since 2020.

Flaws in small business-focused routers, SSL VPNs, and Network Attached Storage (NAS) devices from the likes of Cisco, Fortinet, Netgear and QNAP feature heavily on the list.

Some of the main attacks in play can achieve remote code execution (RCE) against unpatched systems, while others rely on authentication bypass or privilege elevation.

Chinese state-backed attackers are using publicly available exploit code against virtual private network (VPN) services or public-facing applications to hack into major telecommunications companies and network service providers, creating a platform for follow-up attacks.

Hacked systems “serve as additional access points to route command and control (C2) traffic and act as midpoints to conduct network intrusions on other entities”, according to CISA’s advisory, which builds on previous US intel agency reporting.

By building a network of compromised systems that act as a platform for follow-up assaults, Chinese APTs are hiding or obfuscating the source of attacks, making detection and response more challenging.

Industry experts said that CISA’s latest advisory is designed to hammer home the importance of prompt patching.

Slow patching peril

Andrew Kahl, CEO of BackBox, commented: “Last month CISA released a joint advisory (PDF) that recommended prioritizing the patching of software containing known vulnerabilities.

“These two advisories within a month of each other indicate threat actors are increasingly targeting known vulnerabilities, because they understand many organizations are slow to implement patches.”

Kahl added: “One of the most common vectors for attackers is through known vulnerabilities that otherwise could have been patched. In fact, 87% of organizations have experienced an attempted exploit of an already-known, existing vulnerability.”

Hiding in plain sight

Terry Olaes, director of sales engineering at Skybox, said that CISA’s alert pointed towards a need to adapt enterprise vulnerability remediation strategies to provide better coverage for less severe but actively exploited vulnerabilities.

Prompt triage would help organizations to protect themselves against attacks from a wide range of potential adversaries.

“Cybercriminals are increasingly targeting known vulnerabilities hiding in plain sight and turning them into backdoors to deploy complex attacks that are increasing at record rates,” Olaes said.

“If organizations only rely on conventional approaches to vulnerability management, they may only move to patch the highest severity vulnerabilities first based on the Common Vulnerability Scoring System (CVSS).”

Olaes concluded: “Cybercriminals know this is how many companies handle their cybersecurity, so they’ve learned to take advantage of vulnerabilities seen as less critical to carry out their attacks.”

Source: https://portswigger.net/daily-swig/chinese-cyber-threat-actors-are-widely-abusing-well-known-attacks-to-infiltrate-networks-cisa-warns
