As summer begins its swan song and thoughts begin to turn toward autumn, the Cybersecurity and Infrastructure Security Agency (CISA) has a fresh batch of advisories. Released in August, these advisories highlight the various cyber risks lurking out there, many of which managed service providers (MSPs) should be mindful of. I put together a digest highlighting some of the latest alerts:
Overseas actors
What seems far away can land close to home. The FBI and the Department of Defense Cyber Crime Center joined CISA in a joint advisory warning about a set of cyber actors tracked under the names Pioneer Kitten, UNC757, Parisite, Rubidium, and Lemon Sandstorm.
“These groups conduct operations to deploy ransomware to obtain and develop network access and facilitate collaboration with affiliate actors for further attacks,” CISA advised.
The advisory warns of continued activity by these threat actors, who target U.S. and foreign organizations across sectors including government, education, finance, healthcare, and defense. A full list of mitigations is available in the advisory. Among them are applying the specific patches the advisory calls out and checking systems for the unique identifiers and TTPs the actors use while operating on compromised networks.
And these groups aren’t the only ones to keep an eye on. Lumen Technologies’ Black Lotus Labs recently reported that the threat actor Volt Typhoon was actively exploiting a zero-day vulnerability in Versa Director, a network management platform, and CISA added the flaw to its Known Exploited Vulnerabilities catalog.
“The threats from bad actors overseas will continue to be something everyone needs to monitor. MSPs need to be continuously alert for suspicious activity or activity at unusual times,” says Dalton Rogers, an independent cybersecurity consultant in Dallas. “With the war ongoing in Ukraine, the conflict in the Middle East, and other geopolitical hotspots across the globe, every stakeholder needs to be mindful and alert, because criminals will use the conflicts to sow disorder and distrust.”
Chrome warning
CISA has also added a Chrome vulnerability to its Known Exploited Vulnerabilities catalog and is urging organizations to remediate it by September 16.
According to the U.S. cybersecurity agency, CVE-2024-7971 “contains a type confusion vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page.” The bug is in V8, Chrome’s JavaScript engine. In practice, that means a malicious web page can trick the engine into treating an object in memory as a different type than it really is; the resulting out-of-bounds reads and writes corrupt the heap and can give the attacker code execution inside the browser’s renderer process, which is typically chained with a sandbox escape to reach the rest of the system. For an MSP the concrete action is to confirm every managed endpoint is running a Chrome build that contains the fix, since an installed-but-not-restarted update does not protect the user.
“Because of Chrome’s huge base of users, anytime there is an issue with Chrome, it’s something to take note of and take seriously,” Rogers states.
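One way to turn that advisory into a fleet check is below. This is an added example written for this digest, not code from CISA or Google. It assumes the first patched stable build is 128.0.6613.84 (the Chrome release of August 21, 2024 that shipped the fix for CVE-2024-7971) and that you have already pulled per-host Chrome versions from your RMM or inventory tool; the hostnames and versions in the inventory are constructed sample data.

```python
"""Triage a Chrome fleet inventory against the CVE-2024-7971 fix build.

Added example for this digest; it is not CISA's or Google's code. It assumes
the patched stable build is 128.0.6613.84 (Google's 21 August 2024 release
that shipped the fix) and that per-host Chrome versions have already been
collected. SAMPLE_INVENTORY is constructed sample data.
"""
from typing import Optional

# First Chrome stable build containing the fix for CVE-2024-7971 (assumption
# stated in the module docstring); anything numerically below it is exposed.
FIXED_CHROME_VERSION = "128.0.6613.84"

# Constructed sample inventory: hostname -> Chrome version string as reported
# by the endpoint agent. Hostnames are invented.
SAMPLE_INVENTORY = {
    "ws-accounting-01": "127.0.6533.120",  # last 127 build, unpatched
    "ws-frontdesk-02": "128.0.6613.84",    # exactly the fix build
    "ws-eng-03": "128.0.6613.119",         # later 128 build, patched
    "ws-lab-04": "128.0.6613.7",           # early 128 build, predates fix
    "ws-kiosk-05": "",                     # agent reported nothing
    "ws-legacy-06": "not installed",       # non-numeric answer
}


def parse_version(text: str) -> Optional[tuple]:
    """Parse a four-part Chrome version (MAJOR.MINOR.BUILD.PATCH) into ints.

    Returns None for anything that is not exactly four numeric fields, so the
    caller treats it as 'unknown' instead of silently calling it safe.
    """
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def is_vulnerable(version: str, fixed: str = FIXED_CHROME_VERSION) -> Optional[bool]:
    """True if version predates the fix, False if patched, None if unparseable.

    Compare integer tuples, not strings: a plain string compare ranks
    '128.0.6613.119' below '128.0.6613.84' and would misreport a patched
    host as vulnerable.
    """
    fixed_parsed = parse_version(fixed)
    if fixed_parsed is None:
        raise ValueError(f"fix build {fixed!r} is not a four-part version")
    parsed = parse_version(version)
    if parsed is None:
        return None
    return parsed < fixed_parsed


def triage(inventory: dict) -> dict:
    """Bucket hosts into 'vulnerable', 'patched' and 'unknown' lists.

    'unknown' hosts deserve a ticket too: a missing or malformed version
    usually means the inventory agent is broken, which is its own finding.
    """
    buckets = {"vulnerable": [], "patched": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        verdict = is_vulnerable(version)
        if verdict is None:
            buckets["unknown"].append(host)
        elif verdict:
            buckets["vulnerable"].append(host)
        else:
            buckets["patched"].append(host)
    return buckets


if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket:>10}: {', '.join(hosts) or '-'}")
```

Swap `SAMPLE_INVENTORY` for the real export from your inventory tool and feed the `vulnerable` and `unknown` buckets into your ticketing workflow; the version string Chrome reports at chrome://version is the same four-part form the parser expects.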
Zero trust guidance
For years, traditional perimeter-based security has been the gold standard, but it is no longer sufficient to keep intruders out of networks or to protect critical infrastructure data once they are in.
Zero trust is the new gold standard, and CISA has been driving its adoption. Its latest guidance applies the model to connected communities, which criminals and state-backed actors see as an attractive target: exploit one vulnerable system and you can steal critical infrastructure data and proprietary information, run ransomware operations, or launch destructive cyberattacks. CISA also warns that a successful attack on a smart city could disrupt infrastructure services, cause significant financial losses, expose citizens’ private data, erode public trust in the smart systems themselves, and have physical effects on infrastructure that could cause injury or loss of life.
CISA’s latest bulletin about zero trust states:
Connected communities may create safer, more efficient, resilient communities through technological innovation and data-driven decision-making; however, the integration of smart technologies also introduces potential vulnerabilities that, if exploited, could impact economic security, public health and safety, and critical infrastructure operations.
CISA’s new guidance, together with the establishment of its zero trust office earlier this year, underscores how seriously the agency views zero trust as a tool.
CISA services portal
CISA is also preparing to implement the landmark Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA). Once the implementing rule is final, the law will require covered organizations across all 16 critical infrastructure sectors to report serious cyber incidents to CISA within 72 hours and ransom payments within 24 hours. Currently, reporting is voluntary.
The new portal allows users to save and update reports, share reports with third parties, search and filter reports, and chat informally with CISA officials.
Jeff Greene, CISA’s executive assistant director for cybersecurity, states, “Any organization experiencing a cyber attack or incident should report it, for its own benefit and to help the broader community.”
As we transition from summer to fall, CISA is once again shining a light on cyber threats and vital updates for MSPs. From warnings about sophisticated overseas actors to actively exploited vulnerabilities in widely used software like Chrome, the message is clear: vigilance and proactive measures are essential.
Photo: Elkhophoto / Shutterstock