Week in review - 4 Mar 2022

Greetings,

Next Tuesday, March 8 2022, is International Women’s Day, a day to celebrate women’s achievements and increase visibility whilst also calling out inequality. This year’s theme is “Break The Bias”, an opportunity to recognize and take action to level the playing field.

Gender bias, discrimination and stereotyping are ever-present obstacles facing women the world over. Whether it’s intentional or unconscious, it’s up to all of us to encourage and support a more diverse and inclusive society.

You can learn more about International Women’s Day, including how to help Break The Bias, not just for a day, but permanently.

Education is vital in our ever-changing and adapting world. At AusCERT, we want to provide our members the opportunity to develop and strengthen their skills and contribute to a robust cyber security strategy.

We have a list of online training courses for 2022, aimed at anyone that looks after cyber security.

This training is exclusive to AusCERT Members, at a price of $750 (inc. GST) per person, per training course.

You can view the current dates of courses and book online here.

Lastly, we want to acknowledge the devastating “rain bomb” that wreaked havoc on the east coast of Australia this week. The prolonged and immense rain has saturated our landscapes and left a trail of destruction with creeks and rivers turned into fast moving torrents.

There are several services available to seek assistance or support our fellow Aussies in their time of need.

If you need help or can lend a hand, below are a few organisations and initiatives that may suit your needs:

GIVIT

Vinnies Flood Appeal

Brisbane Mud Army 2.0


ACSC on high alert following Russian attack on Ukraine
Date: 2022-02-25
Author: Cyber Security Connect

In the wake of Russian-linked cyber attacks on Ukraine, Prime Minister Scott Morrison and the Australian Cyber Security Centre (ACSC) have issued a warning to Australian organisations that malicious activity may have local ramifications.
Similar warnings have been issued by the UK’s NCSC and the US Department of Homeland Security following recent sanctions on Russian institutions. As Australian society becomes increasingly digitised, agencies must prioritise measures to secure data and critical infrastructure against threat actors.

Ukraine recruits “IT Army” to hack Russian entities, lists 31 targets
Date: 2022-02-26
Author: Bleeping Computer

Ukraine is recruiting a volunteer “IT army” of security researchers and hackers to conduct cyberattacks on thirty-one Russian entities, including government agencies, critical infrastructure, and banks.
Saturday afternoon, Ukraine’s Minister for Digital Transformation Mykhaylo Fedorov announced that they need volunteer “digital talents” for an “IT Army” to conduct operational tasks against Russia on the cyber frontline.

Google increasing account protections for users impacted by Russian invasion of Ukraine
Date: 2022-03-01
Author: ZDNet

Google detailed a series of measures it’s taking to help those impacted by the ongoing Russian invasion of Ukraine deal with associated cyber threats and privacy risks.
In a lengthy Twitter thread, Google Europe ran through a list of measures it’s taking to automatically safeguard accounts, as well as measures users themselves can take to increase their privacy and security through freely available account features.
First, the company made it clear that it is actively attempting to “look out for and disrupt disinfo campaigns, hacking, and financially motivated abuse” surrounding the conflict. This effort includes collaborations with other companies and “relevant government bodies” to address rising threats.

Russia Sanctions May Spark Escalating Cyber Conflict
Date: 2022-02-25
Author: Krebs on Security

President Biden joined European leaders this week in enacting economic sanctions against Russia in response to its invasion of Ukraine. The West has promised tougher sanctions are coming, but experts warn these will almost certainly trigger a Russian retaliation against America and its allies, which could escalate into cyber attacks on Western financial institutions and energy infrastructure.
Michael Daniel is a former cybersecurity advisor to the White House during the Obama administration who now heads the Cyber Threat Alliance, an industry group focused on sharing threat intelligence among members. Daniel said there are two primary types of cyber threats the group is concerned about potentially coming in response to sanctions on Russia.

New ‘highly sophisticated’ malware linked to Chinese cyberattackers
Date: 2022-03-02
Author: Citizen Digital

A leading cybersecurity firm says it has discovered a “highly sophisticated” piece of malware being used by Chinese hacking teams to attack government and critical infrastructure targets.
Symantec, a division of U.S.-based software designer and manufacturer Broadcom, said the earliest known sample of the malware, which has been dubbed Daxin, dates back to 2013, while Microsoft first documented the hacking tool in December 2013.
A report by the company’s Threat Hunter Team says Daxin is “without doubt” the most advanced piece of malware it has seen used “by a China-linked actor.” The unit says Daxin was discovered along with other hacking tools previously used by Chinese cyberattackers.

Senate passes cybersecurity act forcing orgs to report cyberattacks, ransom payments
Date: 2022-03-03
Author: ZDNet

The US Senate approved new cybersecurity legislation that will force critical infrastructure organizations to report cyberattacks to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours and ransomware payments within 24 hours.
The Strengthening American Cybersecurity Act passed by unanimous consent on Tuesday after being introduced on February 8 by Senators Rob Portman and Gary Peters, ranking member and chairman of the Senate Homeland Security and Governmental Affairs Committee.

Over 100,000 medical infusion pumps vulnerable to years old critical bug
Date: 2022-03-02
Author: Bleeping Computer

Data collected from more than 200,000 network-connected medical infusion pumps used to deliver medication and fluids to patients shows that 75% of them are running with known security issues that attackers could exploit.
The findings reveal that tens of thousands of devices are vulnerable to six critical-severity flaws (9.8 out of 10) reported in 2019 and 2020.

International hackers answer Ukraine’s call to launch cyber operations against Russia
Date: 2022-03-02
Author: ABC

As Russian artillery bombarded Ukraine’s infrastructure on Sunday, one of the country’s most senior government ministers issued an unusual call to arms.
The world was already supplying Ukraine with anti-tank missiles and military intelligence, but Vice Prime Minister Mykhailo Fedorov, tweeting a link to a public channel on Telegram, also called for hackers and tech specialists to join the “cyber front”.

Microsoft: Ukraine hit with new FoxBlade malware hours before invasion
Date: 2022-02-28
Author: Bleeping Computer

Microsoft said that Ukrainian networks were targeted with newly found malware several hours before Russia’s invasion of Ukraine on February 24th.
Researchers with the Microsoft Threat Intelligence Center (MSTIC) observed destructive attacks targeting Ukraine and spotted a new malware strain they dubbed FoxBlade.

DDoSers are using a potent new method to deliver attacks of unthinkable size
Date: 2022-03-02
Author: Ars Technica

Last August, academic researchers discovered a potent new method for knocking sites offline: a fleet of misconfigured servers more than 100,000 strong that can amplify floods of junk data to once-unthinkable sizes. These attacks, in many cases, could result in an infinite routing loop that causes a self-perpetuating flood of traffic. Now, content-delivery network Akamai says attackers are exploiting the servers to target sites in the banking, travel, gaming, media, and web-hosting industries.


ASB-2022.0059 – Ukraine

AusCERT’s advisory for members contains IOCs that are of interest in protecting networks and sources providing mitigation information.

ESB-2021.4216.3 – UPDATE Atlassian Products: CVSS (Max): 10.0

Atlassian updated the advisory initially released on 13 Dec 2021 to contain additional information for Data Center & Server products distributed via the Atlassian Marketplace.

ESB-2022.0878 – VMware Tools: CVSS (Max): 5.6

VMware is aware of an uncontrolled search path vulnerability in VMware Tools for Windows where, if exploited, a malicious actor may be able to execute code with system privileges. VMware has released updates to remediate the vulnerability in affected VMware products.

ESB-2022.0840 – GitLab Community Edition and Enterprise Edition: CVSS (Max): 9.6

GitLab recommends GitLab Community Edition and GitLab Enterprise Edition be immediately updated to one of the versions released in the most recent critical security release. GitLab advises that these versions contain important security fixes.

ESB-2022.0688.3 – UPDATE Cisco Cloud Email Security: CVSS (Max): 7.5

Cisco has released software updates that address a vulnerability in the DANE email verification component of Cisco AsyncOS Software for Cisco Email Security Appliance. Cisco also advises of workarounds that address the vulnerability.


Stay safe, stay patched and have a good weekend!

The AusCERT team