Cisco issues urgent warning to customers over actively exploited zero day vulnerability
Cisco has issued an urgent advisory to its customers following the identification of a severe zero-day vulnerability that has been actively exploited, granting hackers administrative control over compromised networks. Cisco's Talos security team warns that successful exploitation allows the attacker to create a user account with the highest privilege level, essentially giving them full control over the affected device. The vulnerability is deemed so critical that Cisco has strongly advised its users to immediately follow remediation steps provided in its PSIRT advisory.
The security flaw, designated as CVE-2023-20198, has a maximum severity rating of 10. It affects the Web User Interface of Cisco IOS XE software when exposed to untrusted networks or the internet. Devices running IOS XE, including switches, routers, and wireless LAN controllers, are vulnerable if they have the HTTP or HTTPS Server feature enabled and are internet-exposed. According to the Shodan search engine, up to 80,000 devices connected to the internet could potentially be compromised.
Unknown threat actors have reportedly been exploiting this zero-day vulnerability since September 18. After gaining authorized user status, these attackers create a local user account and typically proceed to deploy an implant for executing malicious commands. Although the implant itself is cleared upon rebooting the system, the created user accounts remain intact.
Talos has observed that the attackers also exploit a previously patched medium-severity flaw, CVE-2021-1435, on fully patched devices through an unidentified mechanism. Cisco urgently calls for immediate action to protect vulnerable devices, emphasizing the high risk posed by this actively exploited vulnerability.
Ukrainian Telecom providers hit by cyber attacks
The Ukrainian Computer Emergency Response Team (CERT-UA) has disclosed a series of cyberattacks targeting 11 telecom providers in the country between May and September 2023. The intrusions, codenamed UAC-0165 by the agency, led to significant service disruptions for users. Initially, attackers conduct reconnaissance, scanning telecom networks for vulnerable RDP or SSH interfaces. CERT-UA notes that these activities often originate from compromised servers within Ukraine, using proxy servers like Dante and SOCKS5 to route traffic.
The attackers deploy specialized software, namely POEMGATE and POSEIDON, to steal credentials and gain remote control over infected systems. To cover their tracks, they execute a utility called WHITECAT. Furthermore, they maintain persistent unauthorized access via regular VPN accounts lacking multi-factor authentication safeguards. Successful breaches lead to attempts to disable key network and server components, specifically targeting Mikrotik equipment and data storage systems.
In a related development, CERT-UA also reported a series of phishing attacks during the first week of October 2023, executed by a group identified as UAC-0006. These attackers leverage compromised legitimate email accounts to distribute SmokeLoader malware. Their ultimate aim is to infiltrate accountants' computers to steal authentication data or manipulate financial documents in remote banking systems for fraudulent transactions.
Number of Irish companies hit by a cyber attack increased 22% year on year in 2023
New data from Hiscox has revealed a worrying surge in cyberattacks against Irish companies, with over 70% experiencing at least one cyber incident in the past year, marking a 22% rise from the previous year when only 50% reported an attack.
Ireland led in the median average number of attacks among all countries studied, witnessing a fourfold increase year-over-year. Globally, 53% of companies reported at least one cyberattack.
Corporate-owned servers were the most frequent entry points for attackers, and Payment Diversion Fraud was the most common financial repercussion. Despite the escalation, the overall cost of cyberattacks in Ireland remains 'relatively low.' Over half the companies indicated annual cyber costs below €10,000. The median cost of an attack has dropped to €8,860, and the largest single attack cost €118,128—significantly less than the €5.2 million reported in 2022.
Ireland also has the highest likelihood of paying ransoms, at 77%, but only one-third of companies reported full data recovery after payment. Cyber insurance is most prevalent in Ireland, with 69% of companies owning policies, and 44% having standalone plans. Despite IT budgets nearly doubling, cyber-specific spending saw only a marginal rise, from 22% to 23%.
Equifax still paying the price for 2017 breach as UK’s FCA fines it £11 million
Equifax has received a £11 million fine by the UK's Financial Conduct Authority (FCA) for its role in what is considered "one of the largest" data breaches in history.
The cyber security incident occurred in 2017 when Equifax Inc., the U.S.-based parent company, was hacked, compromising the personal data of as many as 147.9 million global customers. The FCA disclosed that this breach also jeopardised the personal information of 13.8 million UK-based clients.
The compromised data included customer names, birth dates, partial credit card information, addresses, and Equifax login credentials. The FCA stated that the breach was "entirely preventable," criticising Equifax for known security weaknesses and the failure to take adequate measures to safeguard UK customer data. Moreover, the UK arm of Equifax was not informed about the breach until six weeks after it was discovered by its U.S. counterpart.
In 2018, the British Information Commissioner’s Office (ICO) had already fined the company $60,727 for the data breach. Equifax revealed that it had fully cooperated with the FCA's extensive investigation, resulting in a reduced fine. Patricio Remon, the European president for Equifax, said the company has since invested over $1.5 billion in security and technology transformation.
New report shows Maritime companies paying ransoms in increasing numbers
A new report indicates a concerning rise in ransomware payments among maritime companies, with the average cost of restoring computer systems soaring to $3.2 million in 2023. Conducted by law firm HFW and maritime cybersecurity firm CyberOwl, the study surveyed over 150 industry professionals and found that 14% had paid ransoms after cyberattacks this year, a stark increase from just 3% in 2022. The report warns that new satellite systems aimed at enhancing sea connectivity could potentially expose ships to increased cyber security risks.
This follows an earlier study by DNV, suggesting that a significant majority—over 75%—of maritime professionals anticipate a strategic waterway or major port facing a cyber-induced shutdown within two years. Furthermore, 90% believe that ship or fleet operations are likely to be disrupted due to cyber threats in the near future, and over half predict that such attacks could lead to physical harm or even fatalities. The findings add urgency to growing concerns about cyber security vulnerabilities in the maritime sector.
