The Cybersecurity and Infrastructure Security Agency (CISA), part of the US Department of Homeland Security, with input from the FBI, issued an alert on September 15, 2020, warning that an Iran-based threat actor has penetrated a number of networks and may be considering deploying ransomware in addition to its other malicious activity.
The actor has primarily targeted US businesses and organizations in the information technology, government, healthcare, financial, insurance and media sectors.
The threat actor is an Iran-based group tracked as Pioneer Kitten, UNC757, Fox Kitten and Parisite. It appears to be a contractor supporting the Iranian government's espionage or disruption objectives while also pursuing its own financial interests. A CrowdStrike report describes Pioneer Kitten as highly opportunistic, with an emphasis on technology, government, defense and healthcare targets. The same report notes that a person associated with Pioneer Kitten attempted to sell access to compromised networks, likely without the Iranian government's permission.
Using port scanners, web shells and open-source tunneling tools, including Nmap, FRPC, ngrok and the Tiny web shell, the group identifies open ports and then exploits several Common Vulnerabilities and Exposures (CVEs) in widely used VPN products to gain access to target networks. The CVEs that CISA and the FBI have observed the group exploit are detailed in the alert and in the related CISA alerts listed at the end of this post.
Once inside, the actors obtain administrator-level credentials and move laterally across the network, running scripts, harvesting further credentials, learning the victim environment and establishing persistence. Their primary focus appears to be espionage: maintaining a continuous presence for data collection and exfiltration.
The CISA alert provides a detailed list of the tools used by this group, together with details on how some of the observed intrusions were carried out.
The most notable indicators that your network may have been compromised by this threat actor are:
- Use of ngrok, which manifests as TCP port 443 connections to external cloud infrastructure.
- Use of FRPC over port 7557.
Additional details on the tools used by Pioneer Kitten can be found in the MAR-10297887-1.v1 malware analysis report.
Several measures can help organizations avoid falling victim to Pioneer Kitten or other malicious actors, or limit the damage if an attack succeeds. These include:
- Make sure you have a system in place to keep all software up to date and to install security patches as they become available.
- Implement multi-factor authentication.
- Monitor network traffic for unexpected and unapproved protocols, especially outbound to the Internet (e.g., SSH, SMB, RDP).
- Apply the principle of least privilege to data access.
- Deploy key endpoint and network defense tools.
- If you believe your network has been compromised, see the CISA resource list below for additional recommendations, and contact a local FBI field office or report to the FBI's 24/7 Cyber Watch (CyWatch) at (855) 292-3937 or by email.
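As an added example (not code from CISA, the FBI or Ericom), the following Python script applies the two indicators above, FRPC on port 7557 and ngrok-style TCP 443 tunnels to external infrastructure, together with the outbound-protocol check from the mitigation list, to a handful of constructed flow records. The record layout, the TLS SNI field, the ngrok domain suffix and the duration/byte-ratio thresholds are assumptions made for illustration; only the port numbers and protocols come from the alert.

```python
"""Flag flow records matching the Pioneer Kitten indicators and the
outbound-protocol monitoring advice in the mitigation list.

Added example, not code from CISA, the FBI or Ericom. The record format,
SNI field, ngrok suffix and thresholds are assumptions for illustration.
"""
import ipaddress
from dataclasses import dataclass

# Constructed sample, one flow per line (assumed layout, not a real
# Zeek or NetFlow schema):
# ts src_ip src_port dst_ip dst_port proto duration_s bytes_out bytes_in sni
# sni is "-" when no TLS server name was observed.
CONSTRUCTED_FLOWS = """\
1600150000 10.0.5.21 51344 203.0.113.40 7557 tcp 3600.0 24000 1100 -
1600150005 10.0.5.21 51350 203.0.113.40 443 tcp 7200.0 180000 4100 a1b2c3d4.ngrok.io
1600150010 10.0.5.22 50211 10.0.0.5 445 tcp 1.2 3400 9800 -
1600150015 10.0.5.22 50212 198.51.100.9 3389 tcp 600.0 51000 70000 -
1600150020 10.0.5.23 50300 198.51.100.20 443 tcp 2.0 1200 45000 www.example.com
1600150025 10.0.5.23 50301 203.0.113.77 443 tcp 5400.0 95000 2000 -
"""

FRPC_PORT = 7557            # FRPC port named in the alert
NGROK_SUFFIX = ".ngrok.io"  # assumed tunnel domain; adjust to what you observe
WATCHED_OUTBOUND = {22: "ssh", 445: "smb", 3389: "rdp"}  # from the mitigation list
LONG_TUNNEL_SECS = 3600.0   # assumed: a reverse tunnel stays up for hours
TUNNEL_UPLOAD_RATIO = 10.0  # assumed: a reverse tunnel pushes far more than it pulls

# Listed explicitly rather than via ip_address(...).is_private, because Python
# also treats the 198.51.100.0/24 and 203.0.113.0/24 documentation ranges used
# in the sample as private.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]


@dataclass
class Flow:
    ts: int
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    duration: float
    bytes_out: int
    bytes_in: int
    sni: str


def parse_flows(text):
    """Parse the assumed space-separated layout, skipping blanks and comments."""
    flows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        f = line.split()
        if len(f) != 10:
            raise ValueError(f"malformed flow record: {line!r}")
        flows.append(Flow(int(f[0]), f[1], int(f[2]), f[3], int(f[4]), f[5],
                          float(f[6]), int(f[7]), int(f[8]), f[9]))
    return flows


def is_external(ip):
    """True when the address is outside the internal ranges above."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def classify(flow):
    """Return the list of rule names a single flow matches (empty if none)."""
    hits = []
    if flow.proto == "tcp" and flow.dst_port == FRPC_PORT:
        hits.append("frpc-port-7557")
    if flow.proto == "tcp" and flow.dst_port == 443 and is_external(flow.dst_ip):
        if flow.sni != "-" and flow.sni.endswith(NGROK_SUFFIX):
            hits.append("ngrok-domain")
        # Heuristic: long-lived, upload-heavy 443 session to an external host.
        if (flow.duration >= LONG_TUNNEL_SECS
                and flow.bytes_out >= TUNNEL_UPLOAD_RATIO * max(flow.bytes_in, 1)):
            hits.append("possible-reverse-tunnel")
    svc = WATCHED_OUTBOUND.get(flow.dst_port)
    if svc and is_external(flow.dst_ip):
        hits.append(f"outbound-{svc}")
    return hits


def scan(text):
    """Run every flow through classify(); yield (rule, src, dst, dst_port)."""
    findings = []
    for flow in parse_flows(text):
        for rule in classify(flow):
            findings.append((rule, flow.src_ip, flow.dst_ip, flow.dst_port))
    return findings


if __name__ == "__main__":
    for rule, src, dst, port in scan(CONSTRUCTED_FLOWS):
        print(f"{rule:24} {src} -> {dst}:{port}")
```

Port 7557 is the FRPC port named in the alert, but FRP's port is set by whoever runs the server, and TCP 443 to cloud infrastructure is overwhelmingly benign, so treat the two 443 rules as triage candidates to corroborate with endpoint telemetry (an unexpected ngrok or frpc process, a new scheduled task) rather than as high-confidence alerts. The SMB connection to an internal host is deliberately not flagged: the mitigation targets these protocols leaving the network, and flagging every internal SMB session would bury the signal.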
Let’s dive a little deeper into a few of these recommended mitigations.
Least privilege controls for data access
There are several ways to implement least privilege access. Because user-level policies are complex to create, roll out and maintain, especially across a large enterprise, most organizations opt for role-based or service-based strategies. In effect, this yields "less privilege" rather than least privilege: access needs vary from person to person, a group policy has to cover all of them, and the result falls short of the ideal of access rights tailored to each individual user.
Ericom's latest Zero Trust security solution, Ericom Application Isolator (EAI), changes that by using ML-based automated policy creation to simplify the implementation of true least privilege access controls down to the individual user level, even in a large organization. With EAI, users have no visibility at the network layer, so they cannot even see applications they are not permitted to access. This substantially limits the damage a malicious actor like Pioneer Kitten can cause after exploiting an unpatched VPN or firewall vulnerability or otherwise breaking into your network.
Network traffic monitoring
Monitoring network traffic is also often too difficult and time consuming to implement at a granular enough level to identify specific threat sources. EAI also helps here by providing easy-to-use dashboards, in-depth analytics and trend analysis on network traffic, including user-, application- and location-level views. This data helps IT and security teams detect abnormal activity so it can be quickly investigated, contained and mitigated. See more information on the EAI solution here.
Endpoint defense tools
Remote browser isolation (RBI) is a key endpoint defense against web-borne malware in general, although, based on the alert, it does not address this specific actor's VPN-exploitation entry vector. Infected websites and malicious URLs delivered by phishing email are key vectors for ransomware and other malware, so keeping all web content away from endpoints is an important strategy for protecting organizational networks and resources. RBI accomplishes this by running web content in isolated virtual browsers in cloud containers. Only safe rendering data is sent to the user's endpoint, allowing full interaction with websites. As such, RBI protects endpoints from attack without impeding the Internet use that is essential to business productivity today.
CISA Alert AA20-031A: Detecting Citrix CVE-2019-19781
CISA Alert AA20-073A: Enterprise VPN Security
CISA Alert AA20-107A: Continued Threat Actor Exploitation Post Pulse Secure VPN Patching
CISA Alert AA20-206A: Threat Actor Exploitation of F5 BIG-IP CVE-2020-5902
CISA Security Tip: Securing Network Infrastructure Devices