HEAnet ICT Newsletter April 2021 (copy 02)

*|MC:SUBJECT|*

View this email in your browser

Hi *|FNAME|*,

Welcome to the ICTSS Newsletter Issue 4
For this issue we are introducing a new format and style, aiming at providing you with more relevant information on security threats, recommended actions for improvement and free to access content on security-related topics.

We hope you enjoy the content we have curated for you, and look forward to your feedback.

ICT Security Services Team

ICT Security Services

Tell us what you think...

2020 brought many challenges for us all. Due to this change all of our services have been moved online.

Based on our Client Security Forum on the 2nd of March we would like your feedback. Please complete our survey at a time convenient to you.

Survey - Click Here

Security Threats & Data Breaches

Zero Days & Vulnerabilities

Microsoft Exchange Server

On March 2nd 2021, Microsoft published an out-of-band advisory to address the following four zero-day vulnerabilities in affecting on-premises Microsoft Exchange Servers:

CVE-2021-26855: Server-Side Request Forgery (SSRF)
CVE-2021-26857: Insecure Deserialization
CVE-2021-26858: Arbitrary File Write
CVE-2021-27065: Arbitrary File Write

Recommended action: Apply security patches and workarounds (info included on the hyperlink CVE’s above) released with the advisories.

VMware

Multiple vulnerabilities in VMware ESXi and vSphere Client (HTML5) were privately reported to VMware. Relevant security patches and workarounds made publicly available on February 23rd 2021. The affected products include:

VMware ESXi
VMware vCenter Server (vCenter Server)
VMware Cloud Foundation (Cloud Foundation).

Google Chrome

Security patches have been released for some of the most recent zero-day vulnerabilities discovered on Google Chrome. As usual, it is recommended to apply security updates and ensure that Open Source Software such as Google Chrome, are covered by your institution's vulnerability management programme.
For more information on the patches released and security issues, please see Google Chrome's blog post.

Apple Security Updates

On March 8th 2021, Apple released important security patches for iOS, macOS, watchOS and Safari web browser that address arbitrary code execution on their products.

For more information on how to apply these patches you can take a look at Apple's Security Updates website and your device's internal settings.

Malicious Software & Ransomware

NCSC - The Rise of Ransomware

"Ransomware is nothing new. The first recorded example was in the late 1980s, but in the last 3 years there's been a real explosion in growth".

In this blog post by the National Cyber Security Center (NCSC) Toby L, Technical Lead for Incident Management, explains how modern-day ransomware attacks are evolving.

CD projekt ransomware attack

The video game studio posted to its twitter account on the 9th of February that and unidentified actor gained access to the network and encrypted some devices, but backups are intact.

The ransom note claims that the attacker has gained access to the source code of the recently released cyberpunk 2077 and Witcher 3.

They have also gained access to employee's personal data as well as locked them out of company's network restricting access to tools required for their work resulting in a massive loss of productivity for the company.

Qualys hit with Ransomware: Customer Invoices Leaked on Extortionists' Tor Blog

"Infosec outfit Qualys, its cloud-based vuln detection tech, and its SSL server test webpage, have seemingly fallen victim to a ransomware attack.
Files appearing to originate from Qualys were dumped online this afternoon on the Tor blog of the Clop criminal extortionists."

Data Breaches

Over 500,000 Credentials For Tens of Gaming Firms Available in the Dark Web

"The gaming industry under attack, Over 500,000 credentials for the top two dozen leading gaming firms, including Ubisoft, leaked on online." For more information please see SecurityAffairs website.

Data of 21 Million Users From 3 Android VPNs Put for Sale Online

"A user on a popular hacker forum is selling three databases that purportedly contain user credentials and device data stolen from three different Android VPN services – SuperVPN, GeckoVPN, and ChatVPN – with 21 million user records being sold in total." For more information please see CyberNews website.

Improving Cybersecurity Maturity

Defending Against DDoS Attacks

A threat intelligence report by A10 Networks on "The State of DDoS Weapons" was released in December 2020. This research highlights how the pandemic and remote working have been the perfect combination for the increase of Distributed Denial of Services (DDoS) attacks, as follows:

Most weaponised services: SSDP, SNMP, Portmap, DNS Resolver and TFTP
List of countries / regions hosting DDoS botnet agents
Top five TCP ports scanned: 23, 2323, 80, 8080, 1023
Top five RCE attempts: CVE-2018-10561, CVE-2013-7471, CVE-2016-10372, CVE-2014-8361, CVE-2017-17215

The main recommended action is to be aware of the above, apply patches in a timely manner and restrict traffic to only authorised IP addresses / users.

CSA - Mitigating Hybrid Cloud Risk

During 2020, the Cloud Security Alliance (CSA) & Hybrid Cloud Security Working Group reviewed hybrid cloud model risks, threats and vulnerabilities to identify adequate mitigation controls for organisations to implement. The following are the controls listed, which is a useful starting point to analyse the security posture of hybrid cloud environments:

Mitigation Measures for Risks

Mitigate Distributed Denial-of-Service Attacks (DDoS)
Mitigate Data Leakage
Improve Perimeter Protection
Compliance
Aligned Service-Level Agreements (SLAs)
Alignment of Cloud Skill Sets
Overall Considerations for Security Control Maturity
Comprehensiveness of Security Risk Assessment

Mitigation Measures for Threats

Mitigate Malicious Insider

Mitigation Measures for Vulnerabilities

Encryption
Seamless Operational Processes
Network Connection Assurance
Centralized Identity and Access Lifecycle Management
Integrated Security Management

Events & Resources

Dell Microsoft Training - Intune/Endpoint Manager

Microsoft InTune/Endpoint Manager training is a three-day course which which is being run free of charge for HEAnet clients.

To register your interest in attending the sessions on the 18th March 2021 please use this link.

Please note places on each course are limited and HEAnet will do their best to accommodate all requests.

Microsoft Azure Lunch & Learn Webinars Series

The following webinars provided by Microsoft will be available for free during the next couple of weeks, while these are free to access they do depend on demand and availability

Recommended Event - BSides Dublin

Security BSides Dublin 2021 Virtual Conference will take place on 27th March 2021.
"Security BSides is a community-driven framework for building events, by and for, information security community members. These events are already happening in major cities all over the world! We are responsible for organising an independent BSides-Approved event for Ireland, in Dublin."

For more information on the event and registration options please see Bsides Dublin website.

Our New Team Members

Nathan Duffy

Nathan recently joined the HEAnet team as a Security & Risk Adviser. He has a number of years experience in Offensive Security including consultancy delivering penetration testing across a broad range of industries. Nathan holds a BSc in Digital Forensics and Cyber Security and is currently completing his Master of Science in Cyber Security. Nathan has a keen interest in all things relating to Offensive Security, particularly in Web Application penetration tesitng, network penetration testing, social engineering.

John Charles Lawlor

John-Charles is currently a third-year Computing with IT Management student at TU Dublin. He has joined HEAnet on a 6-month placement as a Security Analyst. John has had a keen interest in cyber security since the completion of his information security module and jumped at the chance to gain experience in the field.

If there is something you would like to see on our next newsletter, please email as at ictsecurityservices@heanet.ie.