End of year summary and new year predictions, Dec 25th – 31st – F5SIRT This Week in Security

This Week in Security

December 25th – 31st, 2023

"End of year summary and new year predictions"



Editor's introduction 

This week's editor is Lior Rotkovitch. Another year has gone by, and it is a good time to summarize the major security incidents of 2023.

In the past year we saw an increase in CVE hunting, where threat actors race to take over unpatched systems within a few hours of a vulnerability's publication. CVE hunting has become a low-hanging-fruit attack: attackers simply scan the internet for the vulnerability, on the assumption that it takes at least 1-2 days from publication for a system to be patched, and use that gap to exploit whichever vulnerable targets they find. One popular class of CVE-hunting targets is control planes that face the public internet. Once the entry point has been exploited, the attackers leverage that foothold into a full takeover by embedding malware or ransomware with persistence, and even installing common hacking tools to gain more granular control over the compromised system. F5 SIRT has been promoting control plane protection for many years: reducing public access (placing the control plane in a DMZ) or putting a WAF in front of it is an important part of a security plan.
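As an added illustration of the control-plane exposure described above (example code written for this summary, not F5 SIRT tooling and not code from any of the linked articles): a small Python audit that walks a constructed list of access rules and flags every rule that allows a management port from outside the trusted management networks. The rule format, the management port list and the trusted networks are assumptions for the example, not any vendor's configuration schema.

```python
"""Audit access rules for control-plane (management) ports reachable from
untrusted networks.  Added example: the rule format, port list and trusted
networks below are assumptions, not any vendor's real configuration schema."""
from dataclasses import dataclass
from ipaddress import ip_network

# Assumed management services; adjust to whatever the control plane exposes.
MANAGEMENT_PORTS = {22: "ssh", 443: "https-mgmt", 8443: "https-mgmt-alt"}

# Constructed trusted management networks (a DMZ / jump-host range, for example).
TRUSTED_MGMT_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]


@dataclass(frozen=True)
class Rule:
    name: str
    src: str       # source CIDR the rule applies to
    dst_port: int  # destination port
    action: str    # "allow" or "deny"


def is_trusted(src) -> bool:
    """True when the source CIDR lies entirely inside a trusted network."""
    return any(
        net.version == src.version and src.subnet_of(net)
        for net in TRUSTED_MGMT_NETS
    )


def audit(rules):
    """Return (rule name, service, source, severity) for every allow rule that
    exposes a management port to a source outside the trusted networks.
    Each rule is judged on its own; first-match ordering is not simulated, so
    a broad allow is reported even if an earlier deny would shadow it."""
    findings = []
    for rule in rules:
        if rule.action != "allow" or rule.dst_port not in MANAGEMENT_PORTS:
            continue
        src = ip_network(rule.src, strict=False)
        if is_trusted(src):
            continue
        # An any-source rule (0.0.0.0/0 or ::/0) puts the control plane on the public internet.
        severity = "critical" if src.prefixlen == 0 else "high"
        findings.append((rule.name, MANAGEMENT_PORTS[rule.dst_port], rule.src, severity))
    return findings


def sample_rules():
    """Constructed rule set used to demonstrate the audit."""
    return [
        Rule("mgmt-from-jumphost", "10.1.2.0/24", 443, "allow"),  # trusted source: fine
        Rule("web-vip", "0.0.0.0/0", 80, "allow"),                 # data plane, not audited
        Rule("ssh-any", "0.0.0.0/0", 22, "allow"),                 # critical exposure
        Rule("https-partner", "203.0.113.0/24", 443, "allow"),     # high: public range
        Rule("deny-rest", "0.0.0.0/0", 443, "deny"),
    ]


if __name__ == "__main__":
    for name, service, src, severity in audit(sample_rules()):
        print(f"[{severity}] rule {name!r} exposes {service} to {src}")
```

Run against the constructed rules, the audit reports the any-source SSH rule as critical and the partner range as high, while the jump-host rule and the data-plane web rule pass. In practice the rule list would be exported from the firewall or the device's own access control list, and the trusted networks would be the jump hosts or DMZ ranges that are the only legitimate management sources.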

Every end is also a beginning, and as such here are some security predictions for 2024. I guess the easiest prediction is simply "more of everything", as the hackers' playground keeps expanding. Any hardware and software can and will be hacked at some point.

While this is not encouraging, not all hope is lost: the security industry has made huge progress and created many products and services that provide the tooling needed to detect and mitigate these attacks. Building the right, well-defined security plan and training personnel can get you to a place where mitigation time is improved significantly. Until next time, happy and safe new year.


Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers

In this case an open-source vulnerability affects commercial products. The interesting part is that the root cause of the CVE was still present after the fix was published, because the fix was incomplete. Notable article quotes:

“A critical Apache OFBiz pre-authentication remote code execution vulnerability is being actively exploited using public proof of concept (PoC) exploits.

Apache OFBiz (Open For Business) is an open-source enterprise resource planning system many businesses use for e-commerce inventory and order management, human resources operations, and accounting.

OFBiz is part of Atlassian JIRA, a commercial project management and issue-tracking software used by over 120,000 companies worldwide. Therefore, any flaws in the open-source project are inherited by Atlassian's product.

…. While investigating Apache's fix, which was to remove the XML-RPC code from OFBiz, SonicWall researchers discovered that the root cause for CVE-2023-49070 was still present.

This incomplete fix still allowed attackers to exploit the bug in a fully patched version of the software.”




With car privacy concerns rising, automakers may be on road to regulation

Car security was a big issue a few years ago, but for some reason it never took off. With the fast growth of electric vehicles, the security aspect is back, mostly because of privacy concerns over the data that the vehicle's computer stores. Synchronizing contacts and apps from your mobile phone or tablet to the car makes it unclear what happens to this data. Notable article quotes:

“…. sent a letter to 14 major auto manufacturers, condemning their privacy practices and declaring that consumers should not be trapped in a “massive data collection apparatus, with any disclosures hidden in pages-long privacy policies filled with legalese.”

Markey pointed out that Bluetooth’s emergence has broadened car surveillance by letting companies extract data that “has nothing to do with a vehicle’s operation, such as data from smartphones that are wirelessly connected to the vehicle."





Hackers see wealth of information to steal in children’s school records

Protecting data at large scale is always a challenge. Children at school, who are not aware of security, provide a great playground for hackers, while mitigation solutions are not always easy to accomplish. Notable article quotes:

“Our school’s digital doors are rattled, pinged, probed and prodded thousands of times each day by well-resourced adversaries from all over the globe,”

Cybercriminals seeking ransom payouts or identity thieves going after a student’s spotless credit can gain access to identifying information, assessments, assignments, grades, homework, health records, attendance history, discipline records, special education records, home communications and more.

He advises moving away from methods like SMS confirmation, which can be intercepted through Bluetooth, and says that physical hardware security tokens would be safer. Of course, as Young said, “Some of the time we’re talking about kids as young as five and six years old with technology in their hands.” In these cases, lost technology is a real threat, and the most secure solution is not necessarily the one that makes the most sense. This paradox is yet another mountain that school information security teams must climb.”




Lockbit ransomware disrupts emergency care at German hospitals

Hospitals are targeted over and over again. Notable article quotes:

“recent service disruptions at three hospitals were caused by a Lockbit ransomware attack.

"Unknown actors have gained access to the systems of the IT infrastructure of the hospitals and have encrypted data,"

At the time of writing, the Lockbit ransomware gang hasn't added KHO to its extortion portal on the dark web, so whether or not the cybercriminals stole patient data or other sensitive information hasn't been determined yet.”




2023 summary

A few of the attacks worth mentioning from 2023 are the T-Mobile API attack, the MOVEit attack and the MGM Resorts breach.





2024 Predictions

Social engineering backed by AI: fake images and deepfake phishing are just a matter of time. Cloud: incidents in multi-cloud and hybrid environments and CI/CD attacks are expected to increase.

More: https://www.securitymagazine.com/articles/100271-top-cybersecurity-predictions-of-2024


Published Jan 03, 2024
Version 1.0
