    Date: 11/15/2023

    NSA Warns of Threat Actor Infiltration of Critical Infrastructure

    Overview

    According to Wired magazine and the Washington Post, NSA officials warned that “Chinese Hackers are increasingly implanting sophisticated disruptive malware in U.S. critical infrastructure” during the “Cyberwarcon” conference in Washington, DC last week. Morgan Adamski, director of the NSA’s Cybersecurity Collaboration Center, warned that threat actors are “pre-positioning with intent to quietly burrow into critical networks for the long haul”.

    Potential Impact

    The impact of unauthorized access to critical infrastructure can be devastating if that access is later used in a malicious attack.

    Recommended Actions

    Although critical infrastructure may require some specialized expertise at times, the recommendations encouraged by the NSA are in keeping with current information security wisdom.

    NSA recommendations include tried and true methods such as implementing Multi-Factor Authentication (MFA) wherever possible, aggregating and analyzing logs, and alerting on configuration changes, especially the addition of new remote-control software.


      Confluence Vulnerability CVE-2023-22518 Severity Upgraded to 10

      Overview

      Atlassian upgraded the CVSS severity score of CVE-2023-22518 to 10 after finding that exploitation might allow attackers to reset Confluence and create an administrator account. On November 14, 2023, The Register described the installation of a backdoor dubbed “effluence” on compromised systems.

      Potential Impact

      The potential impact of a Confluence server compromise can range from data exfiltration to network compromise and deployment of ransomware.

      Recommended Actions

      Patch affected Confluence servers and review them for indicators of compromise. According to Atlassian: “Atlassian cannot confirm if your instances have been affected by this vulnerability. You should engage your local security team to check all affected Confluence instances for evidence of compromise.”

      Sources

      https://www.theregister.com/2023/11/14/novel_backdoor_persists_confluence/

      https://confluence.atlassian.com/security/cve-2023-22518-improper-authorization-vulnerability-in-confluence-data-center-and-server-1311473907.html

      Initial Access Vectors for Ransomware Groups

      Overview

      A notification on recent ransomware trends was published by the FBI to alert organizations that threat actors are using legitimate system management tools to launch attacks. This includes targeting vendor-controlled remote access tools or performing social engineering campaigns that lead to the installation of legitimate remote access tools.

      Potential Impact

      Attackers who target and successfully compromise an MSP vendor can leverage the MSP's existing access to customer networks and deploy ransomware. It is also likely that MSPs already have sufficient privileges to move laterally and deploy software.

      Additionally, legitimate remote access or management tools like AnyDesk, Splashtop, etc. can go unnoticed by endpoint protection software. These tools can be used to deploy software, exfiltrate data and move laterally through a targeted environment. 

      Recommended Actions

      Review security posture with third-party vendors by performing a vendor risk assessment. Ensure connections from the vendor are monitored and that access is assigned using least-privilege principles. Multifactor authentication should be required where possible. Additionally, establish a policy for remote access tools permitted for use. Software inventories should be reviewed against this policy to ensure unauthorized remote access tools are not present.
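The NSA guidance above recommends alerting on newly added remote-control software, and this paragraph recommends reviewing software inventories against a remote access tool policy. The following script is an added illustration of that review (not code from the FBI notice or this briefing's author): it compares a constructed baseline and current inventory against an approved-tools list. The product names beyond AnyDesk and Splashtop, the host names, and all function names are assumptions for the example.

```python
"""Review software inventories against a remote access tool policy.

Constructed example: the inventories below are made up, and the
keyword list is an illustrative starting point, not a complete one.
"""
from dataclasses import dataclass
from typing import Optional

# Policy: remote access tools the organization has explicitly approved.
APPROVED_REMOTE_TOOLS = {"anydesk"}

# Product names (lower-case substrings) that indicate remote control or
# remote management capability. Extend for your own estate.
REMOTE_TOOL_KEYWORDS = ("anydesk", "splashtop", "teamviewer", "screenconnect")


@dataclass(frozen=True)
class Finding:
    host: str
    product: str
    reason: str


def matched_keyword(product: str) -> Optional[str]:
    """Return the remote-tool keyword a product name matches, if any."""
    name = product.lower()
    return next((k for k in REMOTE_TOOL_KEYWORDS if k in name), None)


def review_inventory(baseline: dict, current: dict) -> list:
    """Flag (a) remote tools not on the approved list and (b) remote tools
    that appeared on a host since the baseline snapshot. Both dicts map
    host name -> set of installed product names."""
    findings = []
    for host, products in sorted(current.items()):
        previous = baseline.get(host, set())   # unknown host: everything is new
        for product in sorted(products):
            keyword = matched_keyword(product)
            if keyword is None:
                continue
            if keyword not in APPROVED_REMOTE_TOOLS:
                findings.append(Finding(host, product, "unapproved remote access tool"))
            if product not in previous:
                findings.append(Finding(host, product, "remote access tool added since baseline"))
    return findings


# Constructed sample snapshots (e.g. exported from an endpoint management agent).
BASELINE = {"ws-01": {"Microsoft Office", "AnyDesk"}, "ws-02": {"Microsoft Office"}}
CURRENT = {"ws-01": {"Microsoft Office", "AnyDesk"},
           "ws-02": {"Microsoft Office", "Splashtop Streamer"},
           "srv-03": {"TeamViewer 15"}}

if __name__ == "__main__":
    for f in review_inventory(BASELINE, CURRENT):
        print(f"{f.host}: {f.product} - {f.reason}")
```

In practice, feed the function snapshots from your endpoint management or asset inventory tooling on a schedule so that a newly added tool raises an alert rather than waiting for a periodic review.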

      Sources

      https://www.aha.org/system/files/media/file/2023/11/bi-tlp-clear-pin-ransomware-actors-continue-to-gain-access-through-third-parties-and-legitimate-system-tools-11-7-23.pdf

      https://www.securityweek.com/fbi-highlights-emerging-initial-access-methods-used-by-ransomware-groups/

      Rise of Ransomware Attacks in Healthcare

      Overview

      Healthcare institutions are facing an alarming rise in cyber threats, with ransomware attacks constituting over 50% of incidents. The financial toll of these attacks has surged by 15.3%, reaching an average of $4.45 million per incident, according to IBM’s 2023 Cost of a Breach Report.

      Potential Impact

      Ransomware has an immediate crippling effect on network and systems operations, leading to issues with patient care. As highlighted by IBM’s 2023 Cost of a Breach Report, it takes a prolonged average of 287 days to identify a breach. This lack of early detection provides ample time for exploitation and sensitive data exfiltration.

      Recommended Actions

      Healthcare organizations are urged to take a proactive approach to security including:

      · Enforce strong passwords by encouraging users to leverage passphrases and setting the minimum length to 14 characters.

      · Maintain regular and segmented backups so that systems can be restored without paying ransom demands.

      · Perform awareness training, including mock phishing exercises and coverage of other risks, so that a culture of security is created.

      · Perform regular vulnerability scanning, especially of Internet-facing systems, to ensure critical vulnerabilities are addressed efficiently.

      · Enforce multifactor authentication for all remote access. Exceptions should be documented, and other security controls such as geolocation restrictions should be applied to reduce the risk of compromise.

      · Ensure systems are monitored 24/7 with a Managed Security Operations Center (mSOC) service to assist with early detection and response.

      Sources

      https://www.bleepingcomputer.com/news/security/the-rise-of-ransomware-in-healthcare-what-it-leaders-need-to-know/

      https://www.ibm.com/reports/data-breach
