
Top Middle East Cyber Threats – 14 March 2023


At Help AG, our Managed Security Services (MSS) team offers 24x7x365 monitoring of complex IT security infrastructures to some of the largest enterprises in the region. As a result, we have our eyes keenly fixed on the cybersecurity threat landscape and are among the first in the region to learn and act upon new threats.  

In this blog, we share the top cybersecurity threats our MSS team has recently come across. So, read on to learn about what you need to look out for in the weeks ahead:  

VMware Carbon Black App Control Addresses Critical Injection Vulnerability 

VMware has published a security update to address a critical vulnerability in VMware Carbon Black App Control (App Control) versions 8.9.x, 8.8.x and 8.7.x. 

According to VMware's advisory, a malicious actor who already has privileged access to the App Control administration console could use specially crafted input to gain access to the underlying server operating system. The vulnerability therefore turns a compromised or abused console account into a compromise of the App Control host itself, so review who holds administrative access to the console alongside patching.

The vulnerability has been fixed in App Control 8.9.4, 8.8.6 and 8.7.8 and later.

RECOMMENDATIONS

  • Ensure all systems are patched and updated.  

OneNote Malware Campaigns Rise 

A OneNote malware campaign has been observed distributing remote access trojans (RATs), banking trojans and information stealers, with Qakbot and Redline among the most frequently delivered families.

Threat actors continuously experiment with initial access vectors to evade detection and deceive users, and OneNote attachments are their latest choice: many antivirus engines and email gateways have not caught up with inspecting OneNote (.one) files attached to email. The lure does not rely on Office macros; it relies on the recipient double-clicking a file embedded in the notebook (typically a script or shortcut hidden behind a fake "Open" button), which then downloads and runs the payload, so macro settings alone do not stop it.

Some of the samples, operated as Malware-as-a-Service (MaaS), were distributed through a Telegram group named "NET_PA1N Reborn", in which the operators sell their own crypter and stealer along with RATs.

RECOMMENDATIONS 

  • Ensure all systems are patched and updated.    
  • Avoid clicking or opening untrusted or unknown links, files, or attachments.    
  • Don’t allow Macros for unknown MS Office files.   
  • Enable software restriction policies and application whitelisting.    
  • Ensure that email server is configured to block any suspicious attached files.    
  • Enforce the Restricted PowerShell script execution policy for end users.    
  • Monitor your network for abnormal behaviour and shared IoCs.    
  • Ensure frequent backups are in place.    
  • Educate employees about detecting and reporting phishing / suspicious emails. 
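Because the malicious content in these campaigns is an embedded file object rather than a macro, a mail gateway or triage script can carve those objects out of a .one attachment and flag executable ones. The scanner below is an added example written for this advisory (not Help AG or Microsoft tooling). The carving follows the FileDataStoreObject layout documented in MS-ONESTORE (header GUID, 8-byte length, 12 bytes of unused/reserved fields, file data, footer GUID); the file-type heuristics and the constructed sample notebook are this example's own assumptions.

```python
"""Carve embedded file objects out of a OneNote (.one) file and flag executable content.

Added example, not from the original advisory. Carving follows the FileDataStoreObject
layout in MS-ONESTORE: 16-byte header GUID {BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC},
8-byte little-endian cbLength, 4 unused bytes, 8 reserved bytes, cbLength bytes of file
data, then footer GUID {71FBA722-0F79-4A0B-BB13-899256426B24}. The type heuristics are
this example's own and cover the droppers typically seen in these campaigns.
"""
import struct
import sys
import uuid

FILE_DATA_HEADER = uuid.UUID("BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC").bytes_le
FILE_DATA_FOOTER = uuid.UUID("71FBA722-0F79-4A0B-BB13-899256426B24").bytes_le
ONE_FILE_HEADER = uuid.UUID("7B5C52E4-D88C-4DA7-AEB1-5378D02996D3").bytes_le  # .one file header GUID
HEADER_LEN = 16 + 8 + 4 + 8  # guidHeader + cbLength + unused + reserved

# Binary signatures, matched exactly at offset 0 of the embedded file.
BINARY_MAGIC = {
    b"MZ": "PE executable (EXE/DLL/SCR)",
    b"PK\x03\x04": "ZIP / OOXML archive",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "OLE compound document (DOC/XLS/MSI)",
    b"L\x00\x00\x00\x01\x14\x02\x00": "Windows shortcut (LNK)",
}
# Text signatures, matched case-insensitively after stripping a BOM and leading whitespace.
TEXT_MAGIC = {
    b"<script": "HTA / JS / VBS script",
    b"<html": "HTML (possible HTA)",
    b"@echo": "batch script",
    b"powershell": "PowerShell one-liner",
}


def classify(blob: bytes) -> str:
    """Best-effort file type of an embedded object; 'unknown' for benign-looking data."""
    for magic, name in BINARY_MAGIC.items():
        if blob.startswith(magic):
            return name
    head = blob[:64].lstrip(b"\xef\xbb\xbf \t\r\n").lower()
    for magic, name in TEXT_MAGIC.items():
        if head.startswith(magic):
            return name
    return "unknown"


def carve_embedded_files(data: bytes) -> list:
    """Return one dict (offset, size, truncated, label) per FileDataStoreObject in data."""
    found = []
    pos = data.find(FILE_DATA_HEADER)
    while pos != -1 and pos + HEADER_LEN <= len(data):
        (length,) = struct.unpack_from("<Q", data, pos + 16)  # cbLength directly follows the GUID
        start = pos + HEADER_LEN
        body = data[start:start + length]
        found.append({
            "offset": pos,
            "size": length,
            "truncated": len(body) < length,  # cbLength overruns the file: malformed or evasive
            "label": classify(body),
        })
        pos = data.find(FILE_DATA_HEADER, start + len(body))
    return found


def is_suspicious(data: bytes) -> bool:
    """True if any embedded object is executable/script content or malformed."""
    return any(f["label"] != "unknown" or f["truncated"] for f in carve_embedded_files(data))


def build_sample_one(payloads) -> bytes:
    """Construct a minimal .one-like blob carrying the given embedded files (test data only)."""
    blob = bytearray(ONE_FILE_HEADER) + b"\x00" * 128  # stand-in for the real header and page tree
    for payload in payloads:
        blob += FILE_DATA_HEADER + struct.pack("<Q", len(payload)) + b"\x00" * 12
        blob += payload + FILE_DATA_FOOTER
    return bytes(blob)


if __name__ == "__main__":
    if len(sys.argv) > 1:  # scan a real .one file given on the command line
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:  # no file given: scan a constructed lure with an embedded HTA dropper and a harmless image
        hta = b'<script language="VBScript">Set sh = CreateObject("WScript.Shell")</script>'
        data = build_sample_one([hta, b"\x89PNG\r\n\x1a\n" + b"\x00" * 16])
    for obj in carve_embedded_files(data):
        print(f"offset={obj['offset']:#x} size={obj['size']} truncated={obj['truncated']} type={obj['label']}")
    print("VERDICT:", "SUSPICIOUS" if is_suspicious(data) else "no executable embeds found")
```

Run it as `python onescan.py suspicious.one` on a real attachment, or with no argument to see it flag the constructed sample. A declared length that overruns the file is reported as a finding in its own right, since a legitimate notebook has no reason to carry a malformed object and some evasion attempts rely on parsers silently skipping it.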

Google Issues Vital Security Update for Chrome Browser 

Google has published a security update addressing multiple vulnerabilities in the Chrome browser. They are fixed in Chrome 111.0.5563.64 for Linux and Mac and 111.0.5563.64/.65 for Windows.

The update includes 40 security fixes, 24 of which were contributed by external researchers. Of those 24, 8 are rated High, 11 Medium and 5 Low severity.

RECOMMENDATIONS 

  • Ensure all systems are patched and updated.    

Attackers Exploit New FortiOS Bug 

Attackers have been exploiting a FortiOS bug, patched this month, as a zero-day in attacks targeting government and large organizations. The attacks resulted in OS and file corruption as well as data loss.

Fortinet has released security updates to address this high-severity vulnerability (CVE-2022-41328), which allowed threat actors to execute unauthorized code or commands.

The underlying flaw is an improper limitation of a pathname to a restricted directory ('path traversal') in FortiOS that may allow a privileged attacker to read and write arbitrary files via crafted CLI commands. Because it requires privileged access to the device, it is primarily a post-compromise tool for tampering with the firewall rather than an initial entry point, so patching should go hand in hand with a review of who holds administrative access to each FortiGate.

A Fortinet report revealed that CVE-2022-41328 exploits had been used to compromise and take down multiple FortiGate firewall devices belonging to one of its customers.

The list of affected products includes FortiOS version 6.4.0 through 6.4.11, FortiOS version 7.0.0 through 7.0.9, FortiOS version 7.2.0 through 7.2.3, and all versions of FortiOS 6.0 and 6.2. 

To patch the security flaw, admins must upgrade vulnerable products to FortiOS version 6.4.12 and later, FortiOS version 7.0.10 and later, or FortiOS version 7.2.4 and above. 

RECOMMENDATIONS 

  • Confirm the running FortiOS version on every FortiGate (for example with `get system status` on the CLI) and upgrade to 6.4.12, 7.0.10 or 7.2.4 or later. The 6.0 and 6.2 branches have no fixed release and must be migrated to a supported branch.
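When an estate has dozens of FortiGates on different branches, a small script that applies the advisory's version ranges consistently is quicker and less error-prone than reading each `get system status` output by hand. The checker below is an added example written for this advisory (not Fortinet tooling); the affected and fixed versions are exactly those listed above, while the "Version:" line format mirrors the FortiGate CLI and the inventory lines are constructed sample data rather than real devices.

```python
"""Check FortiGate firmware versions against the CVE-2022-41328 affected ranges.

Added example, not Fortinet tooling. The affected and fixed versions are the ones listed
in the advisory above. The 'Version:' line format mirrors the FortiGate CLI command
'get system status'; the inventory lines below are constructed sample data.
"""
import re

# (major, minor) -> (last affected patch level or None for every patch level,
#                    fixed version on that branch or None if the branch has no fix)
AFFECTED_BRANCHES = {
    (6, 0): (None, None),        # all of 6.0.x: no fixed release, migrate branches
    (6, 2): (None, None),        # all of 6.2.x: no fixed release, migrate branches
    (6, 4): (11, (6, 4, 12)),    # 6.4.0 - 6.4.11 affected, fixed in 6.4.12
    (7, 0): (9, (7, 0, 10)),     # 7.0.0 - 7.0.9 affected, fixed in 7.0.10
    (7, 2): (3, (7, 2, 4)),      # 7.2.0 - 7.2.3 affected, fixed in 7.2.4
}
SUPPORTED_FIXES = "6.4.12, 7.0.10 or 7.2.4 (or later)"

VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)\b")


def parse_fortios_version(text: str) -> tuple:
    """Extract (major, minor, patch) from 'v7.0.9' or a full 'Version: ...' status line."""
    m = VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no FortiOS version found in {text!r}")
    return tuple(int(g) for g in m.groups())


def assess(text: str) -> dict:
    """Classify one device: vulnerable or not, and what to do about it."""
    major, minor, patch = parse_fortios_version(text)
    version = f"{major}.{minor}.{patch}"
    branch = AFFECTED_BRANCHES.get((major, minor))
    if branch is None:
        return {"version": version, "vulnerable": False, "action": "branch not listed as affected"}
    last_affected, fixed = branch
    if last_affected is not None and patch > last_affected:
        return {"version": version, "vulnerable": False, "action": "at or above the fixed release"}
    if fixed is None:
        action = f"branch has no fix: migrate to {SUPPORTED_FIXES}"
    else:
        action = "upgrade to %d.%d.%d or later" % fixed
    return {"version": version, "vulnerable": True, "action": action}


def triage_inventory(status_lines) -> list:
    """Run assess() over many 'get system status' Version lines; vulnerable devices first."""
    results = [dict(assess(line), line=line.strip()) for line in status_lines]
    return sorted(results, key=lambda r: not r["vulnerable"])


# Constructed sample inventory in the style of 'get system status' output (not real devices).
SAMPLE_INVENTORY = [
    "Version: FortiGate-100F v7.0.9,build0444,230104 (GA.F)",
    "Version: FortiGate-60F v7.2.4,build1396,230131 (GA.F)",
    "Version: FortiGate-200E v6.2.13,build1306,221226 (GA)",
    "Version: FortiGate-600E v6.4.12,build2360,230208 (GA.F)",
    "Version: FortiGate-40F v7.4.0,build2360,230509 (GA.F)",  # branch not in the advisory's list
]

if __name__ == "__main__":
    for r in triage_inventory(SAMPLE_INVENTORY):
        flag = "VULNERABLE" if r["vulnerable"] else "ok        "
        print(f"{flag}  {r['version']:<8} {r['action']}")
```

Feed it the "Version:" line collected from each device (for example via your configuration-management export) and act on the rows marked VULNERABLE first; a branch that is not in the table is reported as "not listed", which means "check the current Fortinet PSIRT advisory", not "safe".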
