Midsummer Security Indicators: Hot and Gloomy
August 2, 2023 Alex Woodie
The hot summer heat is smothering Americans like a tight polyester jacket these days. Also having big impacts on Americans are hackers, security vulnerabilities, spam, and malicious emails, which seem to be peaking with the seasonal fry.
Security software company Securin scanned 8 million addressable IPs among US state government systems, and discovered 119,000 instances of high-risk services that could be easily exploited, according to a report released yesterday, dubbed “The State of Cybersecurity in America.”
All told, Securin found 3,700 exposed databases (Db2 among them), 3,400 exposed Secure Shell (SSH) endpoints, 2,780 exposed File Transfer Protocol (FTP) systems, and 1,800 exposed Remote Desktop Protocol (RDP) endpoints in the scanned state government systems, the report found.
“A significant number of internal non-production systems are accessible from the Internet, creating easy opportunities,” Securin says in the report. “Several domains contain assets with unpatched high-risk vulnerabilities known to be previously exploited by ransomware gangs.”
It’s hot enough to fry an egg on the sidewalk in Arizona this summer, but that’s not preventing J.R. Sloan, the chief information officer for the state government, from locking down digital endpoints to minimize the chance of hackers getting in.
“As cyber threats continue to evolve, the State of Arizona collaborates with all industries and all levels of government to share intelligence data, best practices, learn from past events, and continue to find new ways to protect the entire state from potential attacks,” Sloan says in the Securin report.
The IBM i server itself has been hit with several security vulnerabilities this summer. IBM disclosed the first vulnerability, which involves a flaw in the Distributed Data Management (DDM) system that enables unauthenticated users to remotely run CL or PASE commands, on June 30. Originally given a CVSS base score of 5.6, IBM revisited the matter and gave it a much higher 8.6 score later.
A second pair of IBM i security flaws were revealed by IBM on July 16. Those flaws, which impacted Facsimile Support for i and Performance Tools for i, both were given a CVSS base score of 8.4. These two flaws, like the DDM flaw, were discovered by Silent Signal, an established Hungarian security company that has recently taken an interest in IBM i.
A chilling gap between the perception of good security practices in hybrid cloud environments and the cold, hard reality was one piece of unwelcome news exposed in a new Gigamon report.
In the “Hybrid Cloud Security Survey,” Gigamon found that hybrid cloud architectures are here to stay, citing Forrester analysts who say 72 percent of companies have adopted this deployment methodology. A whopping 94 percent of CISOs with hybrid cloud apparatuses say “their security tools and processes provide them with complete visibility and insights.”
“Yet, when we delved deeper to further investigate precise levels of deep observability, critical visibility gaps began to appear, from encrypted traffic, laterally moving data, and ‘unknown’ blind spots,” Gigamon wrote in the report.
Nearly one-third of security breaches are going undetected, according to Gigamon’s report. Nearly three in four CISOs (70 percent) say they don’t bother to analyze encrypted data flows.
“It seems there is a naivety across the globe on what constitutes a hybrid cloud blind spot and the resulting danger of not analyzing data simply because it’s encrypted or only flows internally,” the company said.
Researchers with the company found that 7.7 percent of emails hitting inboxes were malicious, with 15.9 percent assigned the “do not engage” moniker. Having nearly one-quarter (23.6 percent) of all emails classified as malicious is an all-time high, the company said.
One particular piece of malware that’s been really heating up this summer is QBot, a ransomware package. According to PhishLabs, the QBot family accounted for nearly 88 percent of the total ransomware payload observed, which the company says is a “staggering” amount.
QBot, which is typically distributed through malicious attachments in phishing emails, has been spotted in OneNote and Adobe documents, as well as in “HTML smuggling campaigns,” PhishLabs says. “The most popular malware family two quarters in a row, QBot features capabilities such as self-spreading, C2 communication, and sandbox detection,” the company says.
PhishLabs is also seeing a spike in social media attacks, which were up 12.2 percent in the first quarter. The social media environment is lucrative for malicious actors thanks to its open nature, but it’s proving prone to attack vectors, such as cyber threats (33.1 percent), impersonation (26.3 percent), counterfeiting (22.1 percent), and fraud (16.9 percent).