
The February 2024 OptionOne Cybersecurity Briefing

By OptionOne Technologies

We searched through the most popular cybersecurity websites to bring you the latest industry news, updates, and tips.

Cybersecurity Threat News

A Mass Exploitation of ConnectWise ScreenConnect Threatens Organizations and Their Customers

A widespread security vulnerability in the ConnectWise ScreenConnect remote desktop management service is causing concern among researchers, DarkReading reported. With the potential for a supply chain attack, this could be one of the biggest cybersecurity incidents of 2024.

The bugs allow hackers to gain remote access to thousands of servers and hundreds of thousands of endpoints.

The application is popularly used by tech support and managed service providers (MSPs) to connect to customer environments. This makes it a prime target for threat actors looking to exploit high-value endpoints and gain access to downstream networks. The vulnerabilities have been assigned CVEs, including an authentication bypass issue and a path traversal bug.

Initial access brokers (IABs) are already taking advantage of the bugs, with reports of active cyberattacks and ransomware deployments. The Shadowserver Foundation has detected thousands of vulnerable instances of ConnectWise ScreenConnect, the majority located in the US.

The widespread nature of this software and the severity of the bugs make it a major threat to hospitals, critical infrastructure, and state institutions. While patches have been issued by ConnectWise, organizations should also monitor for indicators of compromise (IoCs) and regularly check for unauthorized code execution in the application’s installation folder.

Additionally, the US Cybersecurity and Infrastructure Security Agency (CISA) has added these bugs to its Known Exploited Vulnerabilities catalog, emphasizing the importance of swift action to mitigate potential attacks. 

78% of Organizations Suffer Repeat Ransomware Attacks After Paying

According to Cybereason’s Ransomware: The Cost to Business Study 2024, a staggering 78% of organizations that paid ransom demands were hit by a second ransomware attack, Infosecurity Magazine reported. What’s more alarming is that almost two-thirds (63%) of these organizations were asked to pay even more the second time around.

In most cases, the perpetrators of these repeat attacks were either the same threat actor (36%) or a different attacker (42%).

The consequences of these repeat attacks are costly, with 56% of organizations experiencing more than one ransomware attack in the last 24 months. Despite this risk, a majority (84%) of organizations still choose to pay the ransom demand, even though less than half (47%) can retrieve their data and services uncorrupted.

This highlights the fact that paying the ransom is not a guarantee of successful recovery. As Greg Day, Global Field CISO (VP) at Cybereason points out, there are many risks associated with paying ransom demands, such as the possibility of data being sold on the black market or being attacked again in the future.

Researchers also noted that ransomware actors are becoming more effective due to their use of generative AI tools. These tools can be used to craft professional-sounding social engineering messages that can be translated into any language.

WiFi Vulnerabilities Allow Attackers to Overtake Networks

Two significant security vulnerabilities have been identified in widely used wireless network software and hardware, Cybernews reported.

The first issue resides in “wpa_supplicant,” open-source software that secures Wi-Fi connections with WPA (Wi-Fi Protected Access) mechanisms. This flaw particularly endangers Wi-Fi networks utilizing WPA2/3 in Enterprise mode.

Attackers can exploit the vulnerability to lure victims into connecting to a malicious twin of their trusted network without the victim’s awareness or action, allowing for interception of the victim’s internet traffic. An estimated 2.3 billion Android users globally, alongside users of Linux devices and Chromebooks, could potentially fall prey to this exploit.

In a separate vulnerability discovery, Intel’s iNet Wireless Daemon (IWD), a prominent Linux WiFi solution, also exhibited a weakness. This flaw endangers users operating IWD as an access point, granting attackers unrestricted network access without relying on configuration errors.

Consequences can extend to sensitive data compromise, spreading of malware, and theft of credentials. Patches for both vulnerabilities are now available in public repositories, and users are advised to apply updates promptly. For Android users waiting on a security update to address the wpa_supplicant issue, setting a CA certificate for saved Enterprise networks is advised as a stopgap safeguard.

Cybersecurity Tips

Don’t Shortchange the Fundamentals Before Implementing AI

As AI becomes more integrated into business processes, it is also becoming more vital for organizations to embed security into their foundational cloud infrastructure, CIO Magazine reported. This isn’t merely a precaution; it’s an essential step to shield data and operations from cyber threats.

In addition, financial oversight is critical. The spontaneous and sporadic nature of AI development and experimentation can lead to unexpected expenses. Organizations need to emphasize budgeting and automation to prevent costs from spiraling out of control due to instances left running or underused resources.

Upcoming refresh cycles for hardware are on the horizon for many IT departments, largely driven by Windows 10 nearing its end of life in 2025. The migration to Windows 11, accompanied by the requisite upgraded hardware, will elevate security and performance. Some of the key advancements will include:

  • Neural Processing Units (NPUs) on new devices to enhance on-device AI capabilities.
  • Shorter hardware refresh cycles to keep up with rapid technological advancements.
  • Asset management strategies to ensure employees have the necessary tools for AI-fueled productivity.

Data centers will also face a substantial investment wave, beyond the cost of high-demand GPUs. To leverage the full potential of AI, CIOs must fortify their network architecture, increase connectivity with technologies such as 5G and Wi-Fi 6/7, and prepare for the secure edge computing demands AI will introduce.

Steve Leeper from Datadobi points out that falling flash storage costs and advancements in database performance will be pivotal in managing the large datasets associated with AI effectively. As AI continues to evolve, enterprise focus must shift towards meticulously planning hardware infrastructure, including storage, networking, and data management, to adequately support the AI processing pipeline and adapt to the mix of dataset sizes that will be used.

Thanks for Reading

That’s it for this month’s Cybersecurity Briefing. Contact us today to learn more about our services.