Unpatched VMware apps are still exploited, ransomware used as a decoy and a COVID SMS scam.
Welcome to Cyber Security Today. Today is Friday, June 24, 2022. I’m Howard Solomon, contributing cybersecurity reporter for ITWorldCanada.com.
It’s hard to believe with all the news from earlier this year, but threat actors continue to exploit an unpatched Log4Shell vulnerability in VMware Horizon and Unified Access Gateway servers. That’s according to the US Cybersecurity and Infrastructure Security Agency. Alerts about this vulnerability began circulating last December. But some IT admins still don’t get the message. If your organization hasn’t taken notice yet, assume that your Horizon or UAG installation has been compromised. Start the threat hunt. The CISA report includes recommendations on what to look for. There is a link to the report in the text version of this podcast. Log4Shell is a remote code execution vulnerability that affects products using Apache’s Log4j2 logging library. After exploiting a flaw in Horizon or UAG, an attacker will download malware to spread through the computing environment.
Threat actors often use denial of service attacks to distract IT from an ongoing data theft elsewhere in the organization. According to Secureworks researchers, an attacker based in China could use ransomware in the same way. The ransomware used by the gang dubbed Bronze Starlight has only a short lifespan, according to the report. This suggests that the gang’s objective is data theft or espionage. If so, deploying ransomware can distract responders from what is really going on. One clue to the presence of this gang is the use of a custom DLL loader called HUI Loader to download remote access Trojans and Cobalt Strike beacons onto compromised computers and servers. This leads to the download of ransomware. Note that this gang initially compromises networks by exploiting known device vulnerabilities. Patches are usually available that could have prevented the attack from starting.
Scammers keep using fears about COVID-19 to spread scams. One of the latest sleights of hand is happening in the UK, where people are receiving text messages claiming to be from the National Health Service, or NHS. The message says they have been in close contact with someone who has the virus. They are told to order a free test kit by clicking on the included link. Victims who click go to a website that looks like an NHS site, where all they have to spend is a small amount for postage for the kit – in addition to filling in personal details and a credit card number. A variant of the scam asks victims to click on a link to book a free COVID test, again with the aim of obtaining the victims’ personal information. This type of scam can be attempted in any country. One of the reasons scammers love SMS scams is that it is difficult for victims to verify website addresses on the small screen of a smartphone. This is why people should think carefully before clicking on links in text messages.
To finish, Google has released security updates for Chrome. If you use this browser, make sure it is the latest version.
Remember, later today the Week in Review edition will be published, with guest commentator Terry Cutler of the Montreal Cyology Laboratories. We’ll talk about the Cloudflare outage this week and a US bank’s failure to detect a data breach after discovering a separate ransomware attack.
Links to podcast story details are in the text version on ITWorldCanada.com.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.