SolarWinds-Orion Attackers Distribute FoggyWeb; Exploit Released for VMWare Bug; and More Phishing
Posted by: GuidePoint Security
Published 10/07/21, 9:30am
Cybersecurity News for the Week of 09/27/21
The notorious Russian cyber gang known as Nobelium, Cozy Bear, or APT29 is back in the news this week with a new malware known as FoggyWeb that targets Microsoft Active Directory. The Cybersecurity and Infrastructure Security Agency (CISA) is also warning businesses of a high-severity vulnerability in VMware vCenter Server that requires immediate patching. And finally, industry security researchers are reporting a sophisticated phishing attack targeting 75,000 executives and employees in industries that include education, financial services, healthcare, energy, and state and local governments.
- Nobelium gang of SolarWinds/Orion notoriety targeting Microsoft Active Directory with FoggyWeb malware
- CISA, VMware warn of active exploitation of high-severity vulnerability CVE-2021-22005
- Phishing scam targeting 75K executives and employees with spoofed email
Final Words
With malware and ransomware attacks continuing to increase, businesses may be wondering how cybercriminals manage to consistently and easily infiltrate systems to engage in their long-term malicious activities.
The answer is fairly simple, and two of our articles this week focus on these techniques: phishing and vulnerabilities.
According to industry research, phishing remains one of the top security threats, with 74% of U.S. organizations experiencing a successful phishing attack in 2020. Phishing was also a significant factor in more than one-third of all data breaches, according to the 2021 Verizon Data Breach Investigations Report (DBIR). The 2021 DBIR also notes that 85% of all breaches involved a human element, and 61% of all breaches involved credential compromise. With an employee’s or executive’s login credentials in hand, cybercriminals have one-click access to a business’s most sensitive data and systems.
But when it comes to vulnerabilities, threat actors don’t even need to bother creating legitimate-looking, socially engineered phishing emails to gain access. Instead, they can simply walk in through the vulnerability using techniques and malware designed for the purpose.
Some businesses assume that email and endpoint security are all that is needed to protect against attacks. While these security tools are critical, they may not provide sufficient protection on their own. Other businesses may falsely believe in the mantra “the more, the merrier,” assuming that an organization ensures protection simply by adding more cybersecurity tools and technologies to the mix.
These beliefs couldn’t be farther from the truth.
Comprehensive security requires mature security, and mature security means paying attention to how security is integrated into the corporate culture and processes, having expert staff available to support security efforts, and having critical security tools and architectures in place.
Security maturity also means engaging in some “security 101” best practices, like frequent password resets, multi-factor authentication (MFA), good identity and access management processes, and a well-structured vulnerability management program involving regular patching and updates.
When it comes to security, there are easy answers, but those solutions rarely lead to comprehensive and mature programs. While building and managing a proper cybersecurity program takes more effort, that work will pay dividends in the end.
GuidePoint Security