This Month in Cybersecurity - March Edition

WordPress Website Admins Urged to Delete Plugins

Admins running the Malware Scanner and Web Application Firewall plugins from miniOrange on their WordPress sites are being told to remove both plugins after a critical security flaw was discovered. The flaw, tracked as CVE-2024-2172, carries a CVSS severity score of 9.8 out of 10 and affects Malware Scanner versions up to and including 4.7.2 and Web Application Firewall versions up to and including 2.1.1.

The vulnerability lets an attacker use either plugin to change user passwords without authorization and so take over an account, including an administrator account. Once an attacker holds administrator privileges they can upload malicious files, modify content, redirect visitors to harmful sites, or inject spam.

Both plugins have been permanently closed in the WordPress plugin directory, but closing a plugin only stops new installs; it does not patch or remove the copies already deployed, which is why admins are still urged to delete them. At the time of the advisory there were still over 10,000 active installations of the Malware Scanner and 300 of the Web Application Firewall.
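To show the bug class the advisory describes (a password-change action that is reachable without the caller ever being authenticated or authorized), here is an added illustrative example in PHP. It is not code from the miniOrange plugins or from the original article, and the hook and field names prefixed `example_` are hypothetical. The first handler is the vulnerable shape; the second is the hardened form a WordPress plugin should use.

```php
<?php
/**
 * Illustrative only: NOT code from the miniOrange plugins.
 * Demonstrates the bug class behind "anyone can change a user's password":
 * a request handler that performs a privileged action without checking who
 * is asking. All example_* names are hypothetical.
 */

// --- VULNERABLE PATTERN ----------------------------------------------------
// 'init' fires on every request, including requests from visitors who are
// not logged in. Nothing below checks authentication, capability, or a nonce,
// so any visitor who can guess a user ID (the first administrator is usually
// ID 1) can set that user's password and then simply log in as them.
add_action( 'init', function () {
    if ( isset( $_POST['example_reset_user'], $_POST['example_new_password'] ) ) {
        $user_id = absint( $_POST['example_reset_user'] );
        wp_set_password( (string) wp_unslash( $_POST['example_new_password'] ), $user_id );
    }
} );

// --- HARDENED PATTERN ------------------------------------------------------
// 'admin_post_{action}' only fires for logged-in users who POST to
// wp-admin/admin-post.php with action=example_reset_user. Anonymous requests
// would need the separate 'admin_post_nopriv_' hook, which is deliberately
// not registered here.
add_action( 'admin_post_example_reset_user', function () {
    $user_id  = isset( $_POST['example_reset_user'] ) ? absint( $_POST['example_reset_user'] ) : 0;
    $password = isset( $_POST['example_new_password'] )
        ? (string) wp_unslash( $_POST['example_new_password'] )
        : '';

    // 1. Authorization: the caller must be allowed to edit *this* user.
    //    'edit_user' is a meta capability: administrators hold it for every
    //    user, ordinary users only for their own account.
    if ( 0 === $user_id || ! current_user_can( 'edit_user', $user_id ) ) {
        wp_die( 'Forbidden', 'Forbidden', array( 'response' => 403 ) );
    }

    // 2. CSRF: the form must carry a nonce emitted by
    //    wp_nonce_field( 'example_reset_user' ). check_admin_referer() stops
    //    the request with a 403 if the nonce is missing or stale.
    check_admin_referer( 'example_reset_user' );

    // 3. Input validation: the target must exist and the password must be sane.
    if ( ! get_userdata( $user_id ) || strlen( $password ) < 12 ) {
        wp_die( 'Bad request', 'Bad request', array( 'response' => 400 ) );
    }

    wp_set_password( $password, $user_id );
    wp_safe_redirect( admin_url( 'users.php?updated=1' ) );
    exit;
} );
```

The three checks in the hardened handler are independent: the capability check decides who may act, the nonce check proves the request originated from the site's own form rather than a cross-site one, and the validation step limits what the action can do. For a site that ran either affected plugin, deleting it (deactivate and delete from the dashboard, or `wp plugin delete` with the plugin's directory slug via WP-CLI) closes the hole but does not undo a takeover that already happened, so it is worth reviewing the administrator list for unexpected accounts and resetting passwords for privileged users.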


Schools in Scranton, Pennsylvania Hit by Ransomware Attack

Schools in Scranton, Pennsylvania, were hit by a ransomware attack this week, causing IT outages and disrupting computer systems and services. The Scranton School District is investigating the breach with third-party forensic specialists to determine how the attackers got in, assess the impact on its systems, and restore full functionality as quickly as possible. The district told staff to stop using electronic devices and to uninstall school-related apps from their mobile devices, and warned that access to some files may be limited and systems may run more slowly because of the additional security measures.

The attack delayed classes and forced the district to fall back on alternative teaching methods, such as pencil and paper instead of Chromebooks for student work. The district has not disclosed specifics about the attack, including which ransomware family was involved or whether data was stolen, but says it is working to resolve the incident promptly and securely. It has asked staff and the community for cooperation while it works to contain the impact and return to normal operations.


New Zero-Trust Guidance Released by the NSA

The National Security Agency (NSA) has issued best-practice recommendations for federal agencies on the Network and Environment pillar of its zero-trust framework. Although the new Cybersecurity Information Sheet (CSI) is aimed at government agencies and related industries, Steve Winterfeld, an experienced chief information security officer (CISO), advises that the wider business world can benefit from the same guidance.

The takeaways from the NSA guidance:

  1. Learn All Seven Pillars of Zero Trust

  2. Expect Attackers to Breach Your Perimeter

  3. Map Data Flows to Start

  4. Move to Macrosegmentation

  5. Mature to Software-Defined Networking

  6. Realize Progress Will Be Iterative

Experts agree that unauthorized access incidents are inevitable; what separates organizations is whether they catch those incidents before they become breaches. Most networks have grown organically over time, and rearchitecting them to fit the new guidance will take time.


Defensible Strategies

Learn from those who have been attacked

Scareware Scam Perpetrators Sued by FTC

Two companies behind a scareware scam, Restoro Cyprus Limited and Reimage Cyprus Limited, will pay $26 million under a proposed settlement with the US Federal Trade Commission (FTC) over charges that they tricked consumers into believing their computers were infected with malware. According to the FTC, the tech support scam generated tens of millions of dollars through false and unsubstantiated claims about malware infections.

The scam used fake Microsoft Windows pop-ups claiming the computer was infected with viruses and urging the user to run a scan to avoid damage. Whatever the real state of the machine, the scan always "found" performance or security issues, and users were pushed to buy repair software costing between $27 and $58 on false promises of an urgent fix. The FTC's investigation confirmed victims' accounts and found that telemarketers also persuaded users to pay for additional remote-access services.

If the court approves the proposed settlement, the FTC will use the $26 million to compensate scammed consumers and will obtain a permanent injunction against the companies.


70 Million+ Records Stolen From AT&T

Researchers have confirmed that a dataset leaked on the Breached hacking forum and claimed to be from AT&T contains genuine personal data. The dataset holds over 70 million records, said to have been taken from an unnamed AT&T department in 2021 by the threat group known as ShinyHunters.

AT&T has denied suffering a data breach, and researchers have not been able to confirm that the records belong specifically to AT&T customers, although the data has been verified as genuine in every other respect. AT&T says an internal investigation found no sign that the data came from its systems, but it has not ruled out that the data was taken from a third party. The leaked records include:

  • Name

  • Phone number

  • Physical address

  • Email address

  • Social Security number

  • Date of birth

Incidents like these reinforce why it is important to audit your third-party risk management practices and plans. If you need any help with this, please feel free to reach out to Cyber Defense!