Iran-linked attacks on US companies and Microsoft & Apple zero-day exploit attacks
Posted by: GuidePoint Security
Published 10/21/21, 9:30am
Cybersecurity News for the Week of 10/11/21
News that threat actors in Iran were targeting US-based defense and technology companies made prominent headlines last week. Industry researchers discovered a new remote access trojan (RAT) delivered by exploiting a Windows zero-day that Microsoft patched in its October Patch Tuesday release. And Apple quietly fixed a zero-day actively used in attacks targeting iPhones and iPads.
- Password-spraying attacks used by Iran-linked threat actors against US defense and tech companies
- The October 2021 Patch Tuesday includes 4 zero-day bugs; one actively exploited
- iPhones, iPads under active attack; users urged to patch immediately
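Password spraying, the technique behind the first story, tries a small number of common passwords against many accounts rather than many passwords against one account, which keeps each account under its lockout threshold. The distinguishing signal in authentication logs is therefore one source producing failures across many distinct usernames with very few attempts per user. The following is an added example, not code from GuidePoint or from the original post: a small detector run over constructed authentication log lines. The log format, usernames, addresses and thresholds are assumptions for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample telemetry (not real logs). One source sprays six accounts once each
# and later succeeds against one of them; a second source retries a single account
# (typo/brute force pattern, not a spray); a third is ordinary user activity.
SAMPLE_LOG = """\
2021-10-12T09:00:01Z result=failure user=alice src=203.0.113.7
2021-10-12T09:00:14Z result=failure user=bob src=203.0.113.7
2021-10-12T09:00:29Z result=failure user=carol src=203.0.113.7
2021-10-12T09:00:44Z result=failure user=dave src=203.0.113.7
2021-10-12T09:00:58Z result=failure user=erin src=203.0.113.7
2021-10-12T09:01:13Z result=failure user=frank src=203.0.113.7
2021-10-12T09:05:40Z result=success user=frank src=203.0.113.7
2021-10-12T09:02:00Z result=failure user=grace src=198.51.100.9
2021-10-12T09:02:05Z result=failure user=grace src=198.51.100.9
2021-10-12T09:02:11Z result=failure user=grace src=198.51.100.9
2021-10-12T09:02:20Z result=success user=grace src=198.51.100.9
2021-10-12T09:03:00Z result=failure user=heidi src=192.0.2.22
2021-10-12T09:03:10Z result=success user=heidi src=192.0.2.22
"""

# Assumed line format: "<ISO-8601 UTC timestamp> result=<success|failure> user=<name> src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})Z "
    r"result=(?P<result>success|failure) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    return {"ts": ts, "result": m["result"], "user": m["user"], "src": m["src"]}


def detect_password_spray(lines, window=timedelta(minutes=30), min_users=5, max_per_user=2):
    """Flag sources whose failed logins hit at least min_users distinct accounts inside
    `window`, with no single account tried more than max_per_user times.

    A brute-force run against one account never meets min_users, and a noisy source that
    hammers each account many times exceeds max_per_user, so only the low-and-slow
    spray shape is reported. Each alert also lists accounts that later succeeded from the
    same source, which is the event that actually needs an incident response."""
    events = [e for e in (parse_line(l) for l in lines) if e]
    events.sort(key=lambda e: e["ts"])

    failures = defaultdict(list)
    successes = defaultdict(list)
    for e in events:
        (failures if e["result"] == "failure" else successes)[e["src"]].append(e)

    alerts = []
    for src, evs in failures.items():
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until evs[start:end+1] fits in `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            per_user = Counter(e["user"] for e in evs[start:end + 1])
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                spray_start = evs[start]["ts"]
                # Report every account this source hit within the window, not just the
                # first min_users that tripped the threshold.
                targeted = {e["user"] for e in evs[start:] if e["ts"] - spray_start <= window}
                hits = sorted({s["user"] for s in successes[src] if s["ts"] >= spray_start})
                alerts.append({
                    "src": src,
                    "spray_start": spray_start.isoformat(),
                    "users_targeted": len(targeted),
                    "successes_after": hits,
                })
                break  # one alert per source is enough for triage
    return alerts


if __name__ == "__main__":
    for alert in detect_password_spray(SAMPLE_LOG.splitlines()):
        print(alert)
```

In practice a spraying actor rotates source addresses to stay under per-IP thresholds, so the same logic is usually keyed on something coarser as well (the source ASN, the tenant, or the user agent) and the thresholds are tuned against a baseline of normal failure volume for the environment.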
Cybersecurity News Final Thoughts
The connection between nation-state supported attacks and unpatched vulnerabilities should not be lost on anyone, as several of our stories this week illustrate.
While nation-states may prefer to attack a defense or technology target directly, they are increasingly looking for ways to infiltrate targets by attacking the supply chain. These attackers exploit vulnerabilities to deliver malware that gives them persistence, as with the MysterySnail RAT described in this week's article: The October 2021 Patch Tuesday includes 4 zero-day bugs, one actively exploited.
Recent research suggests that 77% of all state-sponsored cyberattack operations originate in China, Russia, Iran, and North Korea. Backed by their governments, these groups typically have deep technical and financial resources, which lets them fund sophisticated tooling and long-running campaigns. Military, government, industrial, or scientific espionage is the most common motive for nation-state attacks. However, nation-states are increasingly and tacitly endorsing ransomware by ignoring the ransomware criminals operating inside their borders, and in some cases quietly supporting them in exchange for access to the data the ransomware crews steal.
Industry researchers expect nation-state attacks against unpatched software and infrastructure to continue and to spread further in the coming months and years. Organizations running unsupported, out-of-date, or unpatched software and hardware therefore raise the risk not only to their own business but to every partner in their connected supply chain.
Organizations are reminded that aerospace, defense, IT, health care, finance, biomedical research, media, utility companies, universities, and think tanks are common and attractive targets for nation-state attacks.
While the US government can certainly do its part to prevent attacks against the supply chain, much of the prevention rests with the organizations being targeted. That means sustained attention to basics such as vulnerability management (including prompt deployment of fixes for actively exploited bugs like the Microsoft and Apple zero-days covered this week), penetration testing, application security, and identity and access management. The password-spraying campaign in this week's first story is a case in point: multifactor authentication and sensible lockout or conditional-access policies blunt a technique that depends on guessing a few common passwords across many accounts.