Mitsubishi Electric Corp has recently revealed a major security breach. In a brief statement released on its website, the company said that “sensitive information on the development of attack missiles could have been stolen as part of a cyberattack on the servers of the Japanese electronics manufacturer Mitsubishi Electric last year.”
The attack appears to have occurred on June 28, 2019, and was investigated months later. Only after two local newspapers published stories about the attack did the company finally decide to comment on the matter.
Mitsubishi Electric Corp has characterized the incident as industrial espionage. Still, sources say that the hackers targeted the defense industry, mainly to steal information on a prototype of a cutting-edge high-speed gliding missile.
A government source explained: “Although the data was not classified as highly confidential, the fact is that it is still sensitive information related to the future of Japan’s defense capabilities.”
Confronted with the development of hypersonic glide vehicle (HGV) missiles in China, Russia, and the United States, the Japanese Ministry of Defense launched its own research on this type of missile, which follows a varied trajectory, in 2018, sending the required specifications for developing the prototype to the candidate companies, including Mitsubishi Electric Corp.
The stolen information could have included data on the range, propulsion, heat resistance, and production of the missile prototype that the Defense Ministry requested during the bidding process for the contract to develop the weapon; these are the data that the candidate companies had promised to protect.
According to the reports, about 200MB of files, mostly commercial documents, were stolen from the company’s internal network. The attackers apparently also stole data relating to trading partners and defense contracts.
This whole incident is being treated with the utmost severity in Japan due to the fact that Mitsubishi Electric Corp is one of the largest defense and infrastructure contractors in the country. Moreover, the stolen data can also facilitate terrorist operations, as there is data related to the telecommunications infrastructure, railways, and the electricity grid.
All of these attacks were unveiled last January, and the Japanese manufacturer believes they were executed by the group of Chinese hackers known as “Tick”, or by another group known as “Bronze Butler”, allegedly controlled by the country’s military. In short, both are government-backed hacker groups.
Mitsubishi Electric Corp reportedly noticed the cyberattack in late June 2019, when it detected suspicious activity on a server at its Kamakura Research and Technological Development Center in Kanagawa Prefecture.
Moreover, since last July, more than 40 servers and more than 120 computer systems at its headquarters in Tokyo and its other offices have been compromised, and personal data on some 8,000 people has also been leaked.
Along with Mitsubishi Electric Corp, several other Japanese defense contractors, including NEC Corp., Pasco Corp., and Kobe Steel Ltd., were also hit by these cyberattacks this year. Chief Cabinet Secretary Yoshihide Suga has stated that “the Defense Ministry is investigating the possible impact of the information leak on national security.”
VMware Cloud Director vulnerability enables a full cloud infrastructure takeover
A code injection vulnerability (CVE-2020-3956) affecting VMware vCloud Director could be exploited to take over the infrastructure of cloud services, Citadelo researchers have discovered.
About VMware vCloud Director and CVE-2020-3956
VMware Cloud Director (formerly known as vCloud Director) is a cloud service delivery platform used by public and private cloud providers to operate and manage cloud infrastructure.
CVE-2020-3956 was discovered by Citadelo penetration testers during a security audit of a customer’s VMware Cloud Director-based cloud infrastructure.
“An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to arbitrary remote code execution. This vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface and API access,” VMware explained in a security advisory published on May 19, after the company finished releasing patches for several versions of vCloud Director.
The researchers have provided more details about the vulnerability, explained how it can be exploited, and shared an exploit.
The damage attackers can do after exploiting the flaw is substantial. They can:
- View content of the internal system database, including password hashes of any customers allocated to this infrastructure
- Modify the system database to steal foreign virtual machines (VM) assigned to different organizations within Cloud Director
- Escalate privileges from “Organization Administrator” (normally a customer account) to “System Administrator” with access to all cloud accounts (organizations), since an attacker can change the password hash for that account
- Modify the login page to Cloud Director, which allows the attacker to capture passwords of another customer in plaintext, including System Administrator accounts
- Read other sensitive data related to customers.
The vulnerability has been patched
The vulnerability was privately reported to VMware and addressed in patches released in April and May.
VMware considers the flaw to be “important” and not “critical”, since an attacker must be authenticated in order to exploit CVE-2020-3956. But, as the researchers noted, “cloud providers offering a free trial to potential new customers using VMware Cloud Director are at high risk because an untrusted actor can quickly take advantage.”
Admins are advised to upgrade to vCloud Director 10.0.0.2 or the corresponding patched 9.x release listed in VMware’s advisory to plug the security hole. A workaround is also available for those that can’t upgrade to a recommended version (temporarily or ever).
VMware Cloud Director v10.1.0 and vCloud Director versions 9.0.x and 8.x are not affected by the flaw.
Joomla Team Discloses Data Breach – 2,700 Individuals Were Affected
Joomla is a popular free and open-source content management system used for publishing web content. The team behind the CMS disclosed the data breach last week.
The incident happened after a team member left an unencrypted full backup of the JRD (Joomla Resources Directory) site in an unsecured Amazon Web Services S3 bucket.
The company said that more than 2,700 users who have access to the resources.joomla.org website are affected.
Data Impacted – Joomla
The company confirms that no financial or reputational data was exposed as part of the breach. The Joomla team is currently investigating the incident.
The backup included the following details:
- Full name
- Business address
- Business email address
- Business phone number
- Company URL
- Nature of business
- Encrypted password (hashed)
- IP address
- Newsletter subscription preferences
“Most of the data was public since users submitted their data with the intent of being included in a public directory. Private data (unpublished, unapproved listings, tickets) was included in the breach,” read a company statement.
The audit report also noted “the presence of SuperUser accounts owned by individuals outside Open Source Matters.”
The company confirms that there was no third-party access to the database, but still recommends changing passwords immediately if the same password was used for multiple logins.
“We apologize for the inconvenience. We are deeply committed to providing the best and most secure infrastructure for our community. Thank you for the support and understanding,” reads the notification.
Lean into zero trust to ensure security in times of agility
Bad actors are rapidly mounting phishing campaigns, setting up malicious websites and sending malicious attachments to take full advantage of the pandemic and users’ need for information, their fears and other emotions. More often than not, the goal is the compromise of login credentials.
Many organizations grant more trust to users on the intranet versus users on the internet. Employees working from home – while unknowingly browsing potentially malicious websites and clicking on doctored COVID-19 maps that download malware – are using company laptops and VPNs to connect to the corporate network and from there are granted a much wider degree of latitude in terms of access to different resources.
Once a user’s credentials are compromised, this implicit trust associated with a user’s locality of access from the intranet can be taken advantage of to spread malware laterally within the organization. It’s clear, therefore, that it’s no longer possible to tackle security with an internet-versus-intranet approach, where assets within the network perimeter are considered safe.
A good way to navigate this minefield and secure an organization is to assume that everything is suspect and adopt a zero trust approach. Zero trust aims to eliminate the implicit trust associated with the locality of user access, for example users on the intranet versus the internet, and moves the focus of security to applications, devices, and users.
Here are a few key points to bear in mind when embarking on a zero trust journey:
Zero trust is a journey, not a product
What’s truly important to understand about zero trust is that it isn’t a product or a tool. Zero trust is a framework, an approach to managing IT and network operations that helps drive protection and prevent security breaches. Zero trust aims to have a consistent approach to security, independent of whether a user is accessing data and applications from the intranet or the internet.
In striving for this, zero trust actually attempts to simplify security by eliminating the need for separate frameworks, separate tools and separate policies for security based on locality of access (e.g., having a dedicated VPN infrastructure for remote access).
It also ensures that users have a consistent experience regardless of where they are working from. By putting the emphasis on applications, users and devices and eliminating implicit trust associated with internal networks, zero trust essentially aims to reduce the overhead of managing different security infrastructures for external vs internal boundaries. Zero trust accomplishes this by requiring a comprehensive policy framework for authentication and access control of all assets.
Visibility is the cornerstone for zero trust
The key to implementing zero trust is to build insight into all assets (applications, devices, users) and their interactions. This is essential in order to define and implement a comprehensive authentication and access control policy. A big challenge that security teams face today is that access control policies tend to be too loose or permissive or tied to network segments rather than assets, thereby making it easier for bad actors to move laterally within an organization.
By putting the emphasis on assets and building out an asset map, policy creation and enforcement can be simplified. And because the policies are tied to assets and not network segments, the same set of policies can be used regardless of where a user is accessing data and applications from.
Discovery of assets can be achieved in many ways. One excellent approach to asset mapping and discovery is to leverage metadata that can be extracted from network traffic. Network traffic makes it possible to discover and enumerate assets that may be missed through other mechanisms. Legacy applications as well as modern applications built using microservices, connected devices and users, can all be discovered through network traffic visibility, their interactions mapped, thereby facilitating the building of an asset map baseline. Having such a baseline is critical to building the right policy model for authentication and access control.
While authentication and access control are essential in the world of zero trust, so is privacy. Authentication ensures that the endpoints of a conversation know who is at the other end. Access control ensures that only the permitted assets can be accessed by the user. However, it is still possible for a bad actor to “snoop” on valid communication and through that gain access to sensitive information (including passwords and confidential data).
An area of implicit trust in many organizations is that communication on the company intranet tends to be in clear text for many applications. This is a mistake. We should not assume that communications on the company’s internal network are secure simply by virtue of being on the company’s network. When carrying out any transaction on the internet we use TLS (“https”), which encrypts the data.
Communication on the intranet should be no different. We should work under the assumption that bad actors already have a footprint on our company’s network. Consequently, any communication between users, devices and applications should be encrypted to ensure privacy. This is yet another step to ensuring that a consistent security framework can be used for users on the internet and on the intranet.
Of course, encrypting all traffic on a company’s network makes it harder to troubleshoot application problems and network issues, and makes it harder for security teams to identify threats or malicious activity. Additionally, in specific verticals, this can make compliance a challenge due to the inability to keep activity logs of specific required activity. For this reason, leveraging a network-based solution for targeted network traffic decryption may be beneficial when moving towards a model where all traffic on the intranet is encrypted.
Implement a continuous monitoring strategy
Corporate networks are not static. They are continuously evolving with new users, devices, applications being added and old ones being deprecated. In these times where capacity is dynamically scaled up and down, new applications are being quickly brought to market, and more IT and OT devices are coming online, the network has never been more dynamic.
Cloud migration is further changing the very nature of a network and the notion of what is “internal” vs “external”. Putting in place a framework for authentication, access control and encryption is half the solution. The other half is putting in place a continuous monitoring strategy to detect changes and to ensure that either the changes are compliant with the policy or the policy evolves to accommodate the changes. Monitoring network traffic provides a non-intrusive and yet reliable approach to detecting changes as well as identifying anomalies.
Network-based monitoring can be used in conjunction with endpoint monitoring to get a more complete view. In many situations network-based monitoring can be used to pinpoint applications and devices on which endpoint monitoring has been turned off, either inadvertently or maliciously, or where endpoint monitoring cannot be implemented.
Once bad actors get a footprint on a system they typically attempt to turn off or work around endpoint monitoring agents. Monitoring network traffic provides a consistent and reliable stream of telemetry data in many of these scenarios for threat detection and compliance.
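As an added example that is not part of the article, here is a small Python model of the asset-mapping and continuous-monitoring approach described above: it builds an asset map from constructed flow metadata, flags services reached over cleartext protocols on the intranet, and reports assets and interactions that were absent from the baseline. The flow tuples, the cleartext port list and the function names are assumptions of this example, not any vendor's tooling.

```python
"""Added example (not from the article): build an asset-map baseline from
network flow metadata, then apply two zero-trust checks the text calls for:
flag services reached over cleartext protocols on the intranet, and report
assets or interactions absent from the baseline. All flows are constructed."""
from collections import defaultdict

# Ports treated as cleartext protocols (an assumption of this example).
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 80: "http", 389: "ldap"}

# Constructed flow records: (src_ip, dst_ip, dst_port, protocol).
BASELINE_FLOWS = [
    ("10.0.1.10", "10.0.2.20", 443, "tcp"),
    ("10.0.1.11", "10.0.2.20", 443, "tcp"),
    ("10.0.1.10", "10.0.3.30", 80, "tcp"),   # legacy app still on plain http
    ("10.0.4.40", "10.0.2.21", 636, "tcp"),
]
NEW_FLOWS = [
    ("10.0.1.10", "10.0.2.20", 443, "tcp"),
    ("10.0.1.12", "10.0.2.20", 443, "tcp"),  # client never seen before
    ("10.0.1.10", "10.0.5.50", 23, "tcp"),   # new host, reached over telnet
    ("10.0.4.40", "10.0.2.21", 636, "tcp"),
]

def build_asset_map(flows):
    """Return {asset_ip: {(direction, peer, port, proto), ...}}.
    Both ends of a flow are assets; the map records who talks to whom on
    which service, which is the baseline the policy model is built from."""
    asset_map = defaultdict(set)
    for src, dst, port, proto in flows:
        asset_map[src].add(("->", dst, port, proto))   # outbound
        asset_map[dst].add(("<-", src, port, proto))   # inbound
    return dict(asset_map)

def cleartext_services(flows):
    """List (server, port, name) for services reached over cleartext."""
    found = {(dst, port, CLEARTEXT_PORTS[port])
             for _src, dst, port, proto in flows
             if proto == "tcp" and port in CLEARTEXT_PORTS}
    return sorted(found)

def detect_changes(baseline_flows, observed_flows):
    """Compare observed traffic with the baseline asset map: report assets
    never seen before and interactions not in the baseline (even between
    assets that already existed), so policy can be checked or updated."""
    baseline_map = build_asset_map(baseline_flows)
    baseline_edges = set(baseline_flows)
    new_assets = {ip for flow in observed_flows for ip in flow[:2]
                  if ip not in baseline_map}
    new_interactions = {f for f in observed_flows if f not in baseline_edges}
    return {"new_assets": sorted(new_assets),
            "new_interactions": sorted(new_interactions)}

if __name__ == "__main__":
    print("cleartext:", cleartext_services(BASELINE_FLOWS))
    print("changes:", detect_changes(BASELINE_FLOWS, NEW_FLOWS))
```

Feeding real flow exports (NetFlow, Zeek conn logs) into the same shape turns the baseline diff into a daily report of assets that need a policy entry.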
As organizations are being forced to turn towards the work-from-home paradigm, the need to rapidly scale applications and infrastructure will continue to put stress on different teams within the organization. Pandemic or no, some of these changes will become permanent. In other words, in many cases there may not be a “going back to how it used to be”. Embracing the move to a zero trust framework will help ensure that as organizations adapt to a new normal, security continues to keep pace and serves as an umbrella of protection within which agility and innovation thrive.