Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Vulnerabilities cause the majority of cybercrime. There are always new vulnerabilities appearing as software gets updated and as cyber criminals work behind the scenes to find new backdoors to organizations’ systems. In the first half of 2022 alone, 81% of incidents happened through an external exposure — either a known vulnerability or a remote desktop protocol. The sheer volume of vulnerabilities grew again in 2022, with over 25,000 recorded, and over 800 have been actively exploited.

On February 3, 2023, the developers of GoAnywhere MFT (Managed File Transfer) sent an advisory to their customers warning them of a zero-day remote code execution vulnerability being actively exploited in the wild. Exploitation of this vulnerability could allow sensitive data to be leaked and potentially used for extortion.

The new year is upon us, but from a cybersecurity perspective, things look much the same as they did last year. January brought fresh attacks on a pair of familiar targets, high-stakes escalations in the ransomware game, and questionable crisis management from a high-profile victim. In other words, business as usual for cybercriminals! Let’s look at a few noteworthy cybercrimes from January 2023.

Early Friday morning, February 3, 2023, Arctic Wolf Labs began monitoring a new ransomware campaign targeting public-facing ESXi servers. The campaign has grown exponentially over the weekend, with approximately 3,000 victims worldwide as of early-Monday morning. Based on reporting from OVH, the threat actors behind this campaign are likely leveraging a nearly two year old heap overflow vulnerability (CVE-2021-21974) in VMware ESXi’s OpenSLP service.

Say what you want about bots, but you have to admire their versatility. Bots do everything from rank Google results and serve up cat photos on your Facebook feed, to sway elections and defraud retailers. Basically, they’re quite flexible. These days, bad bots are big business, with cybercriminals around the world using them to fraudulently access accounts, attack networks, and steal data.

On January 30, 2023, QNAP Systems Inc. disclosed a new critical vulnerability that could allow remote attackers to inject malicious code on QNAP NAS devices that were exposed to the internet. QNAP has stated that the vulnerability is a SQL Injection flaw being tracked as CVE-2022-27596 and can be abused in low-complexity attacks by unauthenticated malicious remote threat actors without requiring user interaction.

Security teams need to continually bolster their cybersecurity controls and expertise to keep up with the evolving threat landscape. Successful readiness and response to a cybersecurity breach requires the right mix of people, processes and technology. Yet challenges with staffing, technical issues, and budget hamper threat detection and response for too many organizations, creating gaps that threat actors are eager to exploit.

Tomorrow, January 28, marks the annual Global Data Privacy Day, an annual reminder of the importance of safeguarding personal information in our always-connected society. With the boundaries between the online and offline realms becoming increasingly blurred, we find ourselves generating an unprecedented amount of data about ourselves, our loved ones, and our personal lives.

Cybercrime isn’t unique to certain sectors or industries. But some areas are more at risk, like local governments and municipalities. It makes sense, governments not only hold a lot of personal and valuable information on their systems, but government entities are interconnected and critical to the operations of a given area — from police forces to court hearings to basic administration and document processing. It’s a high– value target for hackers.

On Tuesday, January 24th, 2023, VMware disclosed two critical vulnerabilities in VMware vRealize Log Insight that could result in remote code execution (RCE). Although different vulnerability types, both vulnerabilities could allow an unauthenticated threat actor to inject files into the operating system of the vulnerable product which could result in RCE. Both vulnerabilities were responsibly disclosed to VMware and have not been actively exploited in campaigns.