Privacy Ninja

FBI: State Hackers Exploiting New Zoho Zero-day Since October

The Federal Bureau of Investigation (FBI) says a zero-day vulnerability in Zoho’s ManageEngine Desktop Central has been under active exploitation by state-backed hacking groups (also known as APTs or advanced persistent threats) since at least October.

“Since at least late October 2021, APT actors have been actively exploiting a zero-day, now identified as CVE-2021-44515, on ManageEngine Desktop Central servers,” the FBI’s Cyber Division said [PDF].

“The APT actors were observed compromising Desktop Central servers, dropping a webshell that overrides a legitimate function of Desktop Central, downloading post-exploitation tools, enumerating domain users and groups, conducting network reconnaissance, attempting lateral movement and dumping credentials.”

The security flaw, patched by Zoho in early December, is a critical authentication bypass vulnerability attackers could exploit to execute arbitrary code on vulnerable Desktop Central servers.

CISA added CVE-2021-44515 to its Known Exploited Vulnerabilities Catalog on December 10, requiring federal agencies to patch it before Christmas under Binding Operational Directive (BOD) 22-01.
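The KEV listing matters operationally because BOD 22-01 attaches a remediation deadline to every catalogued CVE. The following is an added example (not code from the article, the FBI, CISA or Zoho) showing how a defender can parse a feed in the shape of CISA's public KEV JSON catalogue, pull out entries for a product of interest, and flag entries whose due date has passed. The feed content is a constructed sample: the CVE-2021-44515 record uses the 10 December addition date the article reports and assumes a 24 December due date ("before Christmas"); the second record is an obvious placeholder used only to show filtering.

```python
"""
Parse a CISA Known Exploited Vulnerabilities (KEV) style feed, select records
for a vendor/product, and report entries past their BOD 22-01 due date.

The records below are CONSTRUCTED sample data for offline use, laid out in the
same field names as the public KEV JSON catalogue; they are not a download of
the live feed.
"""
import json
from datetime import date

# Constructed sample feed. The CVE-2021-44515 entry follows the article
# (added 2021-12-10); the due date is an assumption consistent with
# "patch before Christmas". The second record is a placeholder, not a real CVE.
SAMPLE_KEV_FEED = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "sample",
    "count": 2,
    "vulnerabilities": [
        {
            "cveID": "CVE-2021-44515",
            "vendorProject": "Zoho",
            "product": "ManageEngine Desktop Central",
            "vulnerabilityName": "Zoho ManageEngine Desktop Central Authentication Bypass Vulnerability",
            "dateAdded": "2021-12-10",
            "shortDescription": "Authentication bypass allowing arbitrary code execution.",
            "requiredAction": "Apply updates per vendor instructions.",
            "dueDate": "2021-12-24",
        },
        {
            "cveID": "CVE-0000-00000",  # placeholder identifier, not a real CVE
            "vendorProject": "ExampleVendor",
            "product": "Example Product",
            "vulnerabilityName": "Placeholder entry",
            "dateAdded": "2022-01-05",
            "shortDescription": "Constructed placeholder record.",
            "requiredAction": "Apply updates per vendor instructions.",
            "dueDate": "2022-01-19",
        },
    ],
})


def load_kev(feed_json: str) -> list[dict]:
    """Parse the feed text and return the list of vulnerability records."""
    return json.loads(feed_json)["vulnerabilities"]


def entries_for_product(records: list[dict], vendor: str, product_fragment: str) -> list[dict]:
    """Records whose vendor matches exactly and whose product contains the
    fragment; both comparisons are case-insensitive."""
    v = vendor.lower()
    p = product_fragment.lower()
    return [r for r in records
            if r["vendorProject"].lower() == v and p in r["product"].lower()]


def overdue(records: list[dict], as_of_iso: str) -> list[str]:
    """CVE IDs whose BOD 22-01 due date is strictly before the given ISO date."""
    as_of = date.fromisoformat(as_of_iso)
    return [r["cveID"] for r in records
            if date.fromisoformat(r["dueDate"]) < as_of]


def days_to_remediate(record: dict) -> int:
    """Remediation window granted for a record: dueDate minus dateAdded, in days."""
    return (date.fromisoformat(record["dueDate"])
            - date.fromisoformat(record["dateAdded"])).days


if __name__ == "__main__":
    recs = load_kev(SAMPLE_KEV_FEED)
    for r in entries_for_product(recs, "Zoho", "Desktop Central"):
        print(f"{r['cveID']}: due {r['dueDate']} ({days_to_remediate(r)}-day window)")
    print("overdue as of 2022-01-01:", overdue(recs, "2022-01-01"))
```

Against the live catalogue the same functions apply unchanged to the downloaded JSON; the due-date check is the piece worth wiring into a scheduled job, since an entry that is both present in the asset inventory and past its due date is the one that needs escalation.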

Customers warned to patch their servers

After patching the vulnerability, the company also warned customers of ongoing exploitation attempts urging them to immediately deploy the security updates to block incoming attacks.

“As we are noticing indications of exploitation of this vulnerability, we strongly advise customers to update their installations to the latest build as soon as possible,” Zoho said.

To detect whether your server was breached using this security flaw, you can use Zoho's Exploit Detection Tool and follow the steps detailed in Zoho's advisory.

The company advises backing up critical business data, disconnecting impacted network systems, formatting all compromised servers, restoring Desktop Central, and updating to the latest build.

If signs of compromise are found, Zoho recommends initiating a password reset “for all services, accounts, Active Directory, etc. that has been accessed from the service installed machine,” together with Active Directory administrator passwords.

According to Shodan, there are over 2,900 ManageEngine Desktop Central instances exposed to incoming attacks.

[Figure: Internet-exposed Desktop Central servers (BleepingComputer)]

ManageEngine servers under siege

In recent years, Zoho ManageEngine servers have been constantly targeted; Desktop Central instances, for example, have been hacked and access to their networks sold on hacking forums since July 2020.

Between August and October 2021, Zoho ManageEngine installations were also attacked by nation-state hackers using tactics and tooling similar to those employed by the Chinese-linked APT27 hacking group.

In these attacks, the threat actors focused their efforts on breaching the networks of critical infrastructure organizations worldwide in three different campaigns.

They first used an ADSelfService zero-day exploit between early August and mid-September, then switched to an n-day ADSelfService exploit until late October, and moved to a ServiceDesk exploit starting October 25.

Following these campaigns, the FBI and CISA issued two joint advisories warning of APT actors exploiting these ManageEngine flaws to drop web shells on the networks of breached critical infrastructure orgs, including healthcare, financial services, electronics, and IT consulting industries.
