Cybersecurity Breaches & Solutions | Feb 16th, 2022

Severe Vulnerabilities on Apple & Moxa, and an Ominous Rise in DDoS Attacks

Avner Cohen
HUB Security
4 min read · Feb 16, 2022


HUB Weekly Digest

Cyber attacks happen daily. We cover them weekly.

This digest brings this week’s major cybersecurity stories from various news outlets. Each story is analyzed by HUB Security’s experts, who provide their professional observations.

In each attack we cover, we describe how the breach occurred (based on reported details) and how it could have been avoided.

🎓 Free Webinar: IoT for Telcos

HUB hosts a panel of global experts to discuss and analyze the current markets. We’d love you to join; you can register here for free.

On the Agenda:

⚔️ 5 severe vulnerabilities discovered on MXview by Moxa

💻 The rise of the DDoS attacks

Apple discloses Safari and iOS vulnerability

⚔️ 5 severe vulnerabilities discovered on MXview by Moxa

What’s the hack: MXview, the network management product of Moxa, a major player in the ICS and overall IoT markets with a focus on converged networks, was found to have five security flaws. These vulnerabilities, which carry a CVSS score of ten out of ten, pose a serious threat and endanger critical infrastructure environments that rely on Moxa MXview. Three of them can be chained together to achieve RCE, while the others can be used to recover passwords and other sensitive information.

How it was done: Once an attacker gains access to the MQTT broker, two of the vulnerabilities come into play, allowing RCE via command injection. The former is an access control problem that exposes internal communication channels to remote access. The latter is caused by improper neutralization of special elements, which allows an attacker to remotely execute unauthorized commands, disable the software, or read and modify otherwise inaccessible data. (source)

HUB’s solution: IoT, OT and ICS systems are vulnerable to attacks, and nation states in particular are looking for such vulnerabilities. A message bus and similar technologies form a central pipeline of data, and thus expose the organization to potentially high risk. Protocols such as MQTT should be inspected and unexpected communication should be blocked, in addition to regular patch and vulnerability management.
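As an added illustration of inspecting MQTT traffic for unexpected communication (this is example code written for this digest, not HUB Security’s or Moxa’s), the script below checks broker events against a per-client allowlist: which client may connect from which network, and which topics it may publish to or subscribe to. The one-line key=value log format, the client names, topics, addresses and the policy itself are all constructed assumptions; a real deployment would feed it the broker’s own connection and message logs.

```python
"""Added example (not HUB Security's or Moxa's code): check MQTT broker
events against a per-client allowlist and report unexpected communication.

Assumptions: the broker emits one key=value line per event (a constructed
format), and the policy below is illustrative only.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample of broker events: one line per CONNECT/PUBLISH/SUBSCRIBE.
SAMPLE_LOG = """\
ts=1644998400 event=CONNECT client=sensor-plc-07 src=10.10.1.20
ts=1644998401 event=PUBLISH client=sensor-plc-07 src=10.10.1.20 topic=plant/line1/plc07/telemetry
ts=1644998405 event=CONNECT client=mxview-server src=10.10.1.55
ts=1644998406 event=SUBSCRIBE client=mxview-server src=10.10.1.55 topic=plant/#
ts=1644998410 event=CONNECT client=laptop-x src=203.0.113.77
ts=1644998411 event=PUBLISH client=laptop-x src=203.0.113.77 topic=internal/mxview/cmd
ts=1644998412 event=PUBLISH client=sensor-plc-07 src=10.10.1.20 topic=internal/mxview/cmd
ts=1644998420 event=CONNECT client=mxview-server src=198.51.100.9
"""


@dataclass
class Rule:
    nets: list        # source networks the client may connect from
    publish: list     # topic filters the client may publish under
    subscribe: list   # topic filters the client may subscribe to


# Illustrative allowlist (assumption): who may talk, from where, about what.
# Only the management server may use the internal control channel.
POLICY = {
    "sensor-plc-07": Rule(["10.10.1.0/24"], ["plant/+/plc07/#"], []),
    "mxview-server": Rule(["10.10.1.0/24"], ["internal/mxview/#"],
                          ["plant/#", "internal/mxview/#"]),
}

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Turn 'k=v k=v ...' into a dict; return None for blank or malformed lines."""
    fields = dict(KV_RE.findall(line))
    return fields if all(k in fields for k in ("ts", "event", "client", "src")) else None


def topic_matches(filt, topic):
    """MQTT topic-filter match: '+' is exactly one level, '#' is the remainder
    and is only valid as the last level of the filter."""
    f_parts, t_parts = filt.split("/"), topic.split("/")
    for i, part in enumerate(f_parts):
        if part == "#":
            return i == len(f_parts) - 1
        if i >= len(t_parts) or (part != "+" and part != t_parts[i]):
            return False
    return len(f_parts) == len(t_parts)


def allowed_filter(requested, allowed):
    """A wildcard subscription must appear verbatim in the allowlist; a concrete
    topic is permitted if any allowed filter covers it."""
    if "+" in requested or "#" in requested:
        return requested in allowed
    return any(topic_matches(a, requested) for a in allowed)


def inspect(log_text, policy=POLICY):
    """Return (ts, client, reason) for every event the policy does not permit."""
    findings = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        rule = policy.get(ev["client"])
        if rule is None:
            findings.append((ev["ts"], ev["client"], "unknown client"))
            continue
        src = ipaddress.ip_address(ev["src"])
        if not any(src in ipaddress.ip_network(n) for n in rule.nets):
            findings.append((ev["ts"], ev["client"], f"unexpected source {src}"))
            continue
        topic = ev.get("topic", "")
        if ev["event"] == "PUBLISH" and not allowed_filter(topic, rule.publish):
            findings.append((ev["ts"], ev["client"], f"publish to {topic} not permitted"))
        elif ev["event"] == "SUBSCRIBE" and not allowed_filter(topic, rule.subscribe):
            findings.append((ev["ts"], ev["client"], f"subscribe to {topic} not permitted"))
    return findings


if __name__ == "__main__":
    for ts, client, reason in inspect(SAMPLE_LOG):
        print(ts, client, reason)
```

On the constructed sample this reports four events: the unknown laptop connecting and publishing, a known sensor publishing into the internal control channel it has no business writing to, and the management server connecting from outside its expected network. The same allowlist can be enforced on the broker itself as an ACL, which is preferable to detection alone; running it over the logs as well catches misconfigured or bypassed ACLs.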

💻 The rise of the DDoS attacks

What’s the hack: The number of distributed denial-of-service attacks increased by more than 50% in the fourth quarter. Attacks primarily target victims in the United States (43%) and China (9.96%), with Hong Kong, Germany, and France following closely behind.

How it was done: Researchers attribute the massive increase in DDoS attacks to seasonal trends. The “sharp drop” in cryptocurrency value in the fourth quarter was also a factor. Because DDoS and mining capacities are partially interchangeable, botnet owners tend to use them for mining when cryptocurrency prices are high and for DDoS when cryptocurrency prices are low. (source)

HUB’s solution: This shows that cybercrime is a fully profit-driven, efficient business that deploys its resources to the most lucrative target at any time. It also shows that DDoS protection should be tuned for the seasonal peaks in order to protect against the most prevalent attacks. To prepare for these attacks, DDoS simulation exercises should be performed on a regular basis, and attacks customized for the specific service or website should be executed. Fortunately, HUB Security’s D.Storm can help in this space.

Apple discloses Safari and iOS vulnerability

What’s the hack: This newly discovered flaw is a use-after-free issue in WebKit, the browser engine used by Safari and all iOS web browsers. Processing maliciously crafted web content can result in arbitrary code execution. It is unknown whether this vulnerability has been exploited at this time, but it is certainly an option.

How it was done: WebKit vulnerabilities are frequently exploited by exposing the device to a malicious webpage. Although no specifics about the vulnerability or the attacks have been shared thus far, it is known that many of the actively exploited zero-day vulnerabilities in iOS that Apple has fixed in recent years have been discovered to be used to deliver NSO Group’s Pegasus spyware. (source)

HUB’s solution: Even Apple has vulnerabilities that can be exploited before Apple has the chance to remediate them. A zero-day response process should be implemented to reduce the chance of zero-day exploitation, and in particular threat hunting processes should be deployed to investigate whether the zero-day vulnerabilities were exploited, and how. Comprehensive confidential computing and zero-trust methodologies can help reduce the risk of exploitation.
