Cyber Attacks

Written By: Austin Miller

Cyber Attacks: WatchGuard’s failure to report critical flaw sets a dangerous precedent 

Another week, another security vendor scandal. This time it is WatchGuard’s turn: the company failed to report that a critical vulnerability had been discovered and exploited, by the Russian military, it is suspected. An entire line of firewall devices was compromised to build a botnet, which is also suspected to have played a role in cyberattacks around the world. 

Identified as CVE-2022-23176, the flaw in Fireware OS allowed a remote attacker with unprivileged credentials to access any connected system through an exposed management access vulnerability. The FBI had apparently shared this vulnerability with WatchGuard in November 2021, after it had become a key attack vector for Sandworm, a hacking group that has become even more notorious since the start of the Russia-Ukraine conflict. Cyclops Blink – the malware spread via this exploit – affected many companies, mainly through flaws in WatchGuard firewalls and also ASUS routers. 

If you believe that you have been affected by this exploit, WatchGuard’s software tool and accompanying instructions can be used to fix the issue.

Cyber Attacks: Conti’s weapons are turned back against Russia 

In the wake of Conti’s internal documents being leaked to the wider cybersecurity community, it appears that more than just communications and potentially incriminating details have been exposed. The Conti ransomware itself has been turned against Russian organizations, which are now struggling to deal with the problem. 

Conti had previously spared systems with CIS-aligned language packs installed (with the exception of Ukrainian in recent times); the hacking group known as NB65 has now turned the ransomware into a tool for hunting Russian systems. It has already reportedly taken down document management operator Tensor, Roscosmos, and the Russian television and radio broadcaster VGTRK. 

With over 700GB of data stolen, it seems that NB65 are going to become a major thorn in the side of the Russians in the near future. 

Cyber Attacks: Microsoft exposes the Tarrask malware, pointing fingers at China 

Who’s ready for a new Cold War? Although the fighting is confined to Eastern Europe at the moment, the cybersecurity Cold War is only heating up. A Microsoft Security blog post describes the Tarrask malware, which has been identified as using scheduled tasks to evade defenses and exfiltrate data from telecommunication providers, internet service providers, and the data services sector. 

Although the malware is very simple in its execution – mainly setting up scheduled tasks and obscuring them so they are not easily discovered – and appears to have the unexpected capability of persisting across reboots, Microsoft has released a full breakdown of how to detect the malware and stop it from attacking your systems. Coming from the nation-state attackers Hafnium, this malware is suspected to have the backing of the Chinese state. 
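The evasion described above is a defender’s problem of visibility: a task that the scheduler no longer lists can still be present in the registry task cache. The following PowerShell audit is an added example, not code from the article or from Microsoft. It assumes a Windows host with the ScheduledTasks module (Windows 8/Server 2012 or later), an elevated session, and the standard TaskCache\Tree registry location; the check for a task entry with no SD (security descriptor) value follows Microsoft’s published Tarrask analysis and is the one indicator here that the article itself does not spell out.

```powershell
# Added example (not from the article or from Microsoft): audit scheduled tasks
# on a Windows host by comparing the Task Scheduler's own view with the registry
# task cache, and flag entries that have no SD (security descriptor) value or
# that the scheduler API does not list. Run in an elevated PowerShell session.

# Standard Windows location of the scheduled-task cache tree (assumed unchanged).
$treeRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree'

# Every task the scheduler is willing to show, keyed by its full task path
# (e.g. \Microsoft\Windows\Defrag\ScheduledDefrag).
$visible = @{}
Get-ScheduledTask | ForEach-Object {
    $path = $_.TaskPath.TrimEnd('\') + '\' + $_.TaskName
    $visible[$path] = $_
}

# Walk the registry tree. Folder nodes carry no Id; task nodes carry Id, Index
# and, on a healthy system, an SD value holding the task's security descriptor.
$findings = Get-ChildItem -Path $treeRoot -Recurse | ForEach-Object {
    $key   = $_
    $props = Get-ItemProperty -Path $key.PSPath
    if ($null -eq $props.Id) { return }    # folder node, not a task

    # Turn "HKEY_LOCAL_MACHINE\...\Tree\Foo\Bar" into "\Foo\Bar".
    $taskPath = $key.Name.Substring($key.Name.IndexOf('\Tree') + 5)

    [pscustomobject]@{
        TaskPath = $taskPath
        HasSD    = ($null -ne $props.SD)
        Visible  = $visible.ContainsKey($taskPath)
        TaskId   = $props.Id
    }
}

# A task present in the registry but lacking an SD, or absent from the
# scheduler's listing, is exactly the gap this evasion relies on.
$suspicious = $findings | Where-Object { -not $_.HasSD -or -not $_.Visible }

if ($suspicious) {
    'Scheduled tasks needing review:'
    $suspicious | Format-Table -AutoSize
} else {
    "No hidden or SD-less scheduled tasks found under $treeRoot"
}
```

Any hit should be compared against the task's XML and action in the matching TaskCache\Tasks\{Id} key before it is removed, since some legitimate vendor tasks are also registered with unusual descriptors; the script only surfaces candidates, it does not delete anything.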

Beijing has not commented on the discovery so far. 

Cyber Attacks: Ongoing concerns about a lack of qualified cybersecurity talent 

The never-ending story for cybersecurity professionals – more and more corporations are asking “where are all the cybersecurity professionals?” This is becoming an acute issue in India, where an ISACA survey finds that an unprecedented 60% of all cybersecurity positions are unfilled and 42% of cybersecurity teams say that they are currently understaffed. And this doesn’t seem to be for a lack of applications either – apparently 59% of all hiring managers believe that fewer than half of the applicants for these jobs are qualified. 

While the specifics of why the Indian subcontinent is struggling to find enough cybersecurity professionals to fill all roles remain unclear, the question has been raging on for years. Industry experts suggest that the ever-evolving nature of the cybersecurity world makes it impossible for some people to make the jump from academia to real-life cybersecurity work. Others suggest that a brain drain means highly talented individuals in the Global South (including India) are being poached by companies in the Global North because of the disparity in available wages. 
