CyberWeekly 07' Dec | Issue #14

TL;DR
Deloitte Allegedly Hacked: Ransomware group Brain Cipher claims to have stolen 1TB of data, though Deloitte denies its systems were breached.
Encryption Advocacy: Intelligence agencies push for encrypted communications after Chinese hackers exploit telecom networks.
Cisco’s Old Flaw Resurfaces: A 2014 vulnerability in Cisco ASA is actively exploited, highlighting risks in legacy systems.
OT/IoT Security Gaps: Critical infrastructure faces risks from poor inventories and outdated cybersecurity measures.
Veeam Urges Patching: Two vulnerabilities in VSPC, including an RCE flaw, require urgent updates to prevent major compromise.
Deloitte Hacked—or Not?
Ransomware group Brain Cipher claims to have breached Deloitte UK, allegedly exfiltrating 1TB of compressed data and threatening to release it unless the firm responds by December 15. The group, known for using LockBit 3.0-based payloads, criticized Deloitte for failing to observe "elementary" information security practices.
However, Deloitte has denied the allegations, stating the breach involves a single client's system unconnected to Deloitte's network. While no internal systems were reportedly affected, experts warn of the fallout even from unverified claims. As Javvad Malik of KnowBe4 notes, reputational damage and unnecessary incident responses can result from such accusations.
Brain Cipher previously targeted Indonesia’s Temporary National Data Center in June, demanding $8 million before eventually releasing the decryptor for free. Analysts suggest this may be a ploy to bolster the group's reputation in a crowded cybercriminal landscape.
Bottom line: Regardless of validity, this incident underscores the persistent reputational risks organizations face amid rising cyber threats.
Encryption Endorsements Show a Shift in Security Priorities
In light of telecom vulnerabilities exploited by Chinese state-sponsored hackers, intelligence and cybersecurity agencies from Five Eyes nations are urging individuals to adopt encrypted communications. This marks a pivotal shift, as governments historically resisted encryption due to law enforcement concerns.
The newly released guidance emphasizes end-to-end encrypted messaging apps to thwart unauthorized access. It also highlights the long-standing flaws in telecommunications networks that facilitated exploits like "Volt Typhoon," where Chinese actors compromised multiple providers.
Experts see this push as a turning point. Encryption pioneer SSL laid the foundation in the 1990s, yet email and attachments remain glaringly unencrypted. Analysts hope that the publicity from these breaches will drive legislative action to mandate stronger security protocols across the board.
The irony? The surveillance tools once embedded into telecom networks for oversight are now being weaponized by adversaries—a stark lesson on the risks of backdoors in encryption.
Cisco’s Decade-Old Flaw Comes Back to Haunt
A vulnerability in Cisco’s Adaptive Security Appliance (ASA), identified in 2014, has resurfaced as a security risk after being actively exploited. The flaw allows attackers to inject malicious scripts via a WebVPN login page, potentially hijacking user sessions and escalating privileges within organizations.
While Cisco rates the issue as medium-severity, experts emphasize its potential for significant damage when exploited alongside phishing attacks targeting privileged users. No workarounds are available, and Cisco strongly recommends applying the latest security patch.
The persistence of such vulnerabilities highlights a common challenge: outdated but still operational systems in critical infrastructure. As Meny Har of Opus Security puts it, "Medium-severity vulnerabilities become powerful attack vectors when integrated into chain attacks targeting high-value environments."
Critical Gaps in OT and IoT Security
Operational technology (OT) and Internet of Things (IoT) systems, vital to industries like transportation and healthcare, remain vulnerable due to outdated infrastructure and lax inventory practices. A December 4 GAO report found multiple federal agencies failing to meet IoT inventory requirements, citing lack of timelines and incomplete compliance.
At a recent conference hosted by GDIT, experts stressed the importance of baseline cybersecurity measures, including self-assessments and proper segmentation. Legacy systems, particularly in rural schools and hospitals, face heightened risks due to workforce shortages and insufficient funding.
Deputy CISA Director Nitin Natarajan warned that knowledge gaps among professionals exacerbate the problem, especially as high-value OT systems grow more connected. Meanwhile, some agencies claimed they had no IoT devices to inventory, drawing skepticism from the GAO.
Critical Veeam Vulnerabilities Disclosed
Veeam has disclosed two vulnerabilities affecting its Service Provider Console (VSPC), urging customers to update immediately.
CVE-2024-42448: A critical flaw (CVSS 9.9) allows remote code execution (RCE) on the VSPC server. Exploitation requires access by an authorized agent, making it especially dangerous for environments with compromised accounts.
CVE-2024-42449: Rated 7.1 on the CVSS scale, this vulnerability enables attackers to leak NTLM hashes of the VSPC service account and delete files on the VSPC server, posing significant risks to system integrity.
The vulnerabilities affect all versions of VSPC up to 8.1.0.21377. Veeam advises upgrading to version 8.1.0.21999 to mitigate the risks. Because Veeam is a leader in backup and disaster recovery solutions, the stakes are high for its customers.