At Help AG, our Managed Security Services (MSS) team offers 24x7x365 monitoring of complex IT security infrastructures for some of the largest enterprises in the region. As a result, we keep a close eye on the cyber security threat landscape and are among the first in the region to learn about and act upon new threats.
In this blog, I share the top three cyber security threats that our MSS team has recently come across. So, read on to learn about what you need to look out for in the weeks ahead:
Cisco Bug Exploited in Iranian Data Centre Attacks
A security flaw in some Cisco switches has been exploited by attackers to target data centres in Iran, as well as in other countries across the world. Hackers were able to reset some of these switches and routers back to factory settings, resulting in disruptions to the operations of some services and websites.
The bug was discovered in the Smart Install Client of the Cisco IOS Software and Cisco IOS XE Software. It can be exploited by an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS), or to execute arbitrary code on an affected device.
Cisco has already released an update to address this vulnerability. Read the advisory and act upon it to ensure your organization is not impacted: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2
New Cryptomining Trojan Infects 166,000 Victims
Researchers from our vendor partner, Palo Alto Networks, have discovered 2,500 unique samples of the new ‘Rarog Cryptomining Trojan’ that have been connecting to 161 different command and control servers. The Trojan is low priced, can be easily configured and mines Monero as well as other popular cryptocurrencies, making it an appealing option for cyber criminals. Despite its relative ease of use, the malware employs advanced anti-detection techniques and has gone virtually undetected for over nine months.
While the trojan is primarily a cryptominer, it also has a number of botnet features that allow attackers to download and execute other malware, carry out DDoS attacks and even update the trojan. Palo Alto Networks has provided detailed information on how to protect against this threat in this blog.
Mirai Resurfaces with New Variant to Target Financial Sector
A variant of the Mirai botnet has hijacked over 13,000 IoT devices to carry out DDoS attacks against financial institutions. In the largest of these attacks, attackers managed to achieve traffic volumes up to 30 Gbps through the use of DNS amplification.
This variant of Mirai targets poorly protected network-connected devices such as wireless IP cameras, manufactured by companies including TP-Link, Avtech, MikroTik, Linksys, Synology and GoAhead. As the number of devices connecting to the internet is only bound to increase, there is no doubt that attackers will keep finding ways to exploit these devices and execute even more powerful attacks in the future.
As always, at Help AG, we’re here to help you protect against these and any other cyber threats, so please reach out to us for all your cyber security needs.
Majid Khan, Manager Cybersecurity Managed Services at Help AG