The exploited flaws and HiatusRAT campaign have triggered heightened alerts from CISA and the FBI, urging organizations to act quickly. These vulnerabilities pose significant threats, with active exploitation targeting critical systems, including routers, IoT devices, and corporate networks.
The warnings highlight the dangers of unpatched vulnerabilities, as threat actors are using sophisticated tools and tactics to compromise devices worldwide.
Let’s explore what these flaws are, how they are being exploited, and the steps you can take to protect your systems.
Key Takeaway on the Exploited Flaws and HiatusRAT Campaign:
- Immediate action is needed to address these vulnerabilities to avoid severe system breaches.
Newly Exploited Flaws Added to CISA’s KEV Catalog
CISA has added two critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation:
Vulnerability | Details | Patch Status |
---|---|---|
CVE-2024-20767 | Adobe ColdFusion access control flaw enabling attackers to access restricted files via exposed admin panels. | Patched (March 2024) |
CVE-2024-35250 | Microsoft Windows Kernel-Mode Driver flaw allowing privilege escalation through untrusted pointer dereference. | Patched (June 2024) |
Both vulnerabilities have public proof-of-concept (PoC) exploits, making them particularly dangerous for systems that remain unpatched.
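The practical follow-up to a KEV addition is checking whether anything in your own estate runs the listed vendor/product. The script below is an added example (not code from the article, CISA, or either vendor): it parses a catalog in the shape of CISA's published JSON feed, matches entries against a constructed asset inventory by vendor and product, and flags findings whose remediation due date has passed. The feed URL and the field names (`cveID`, `vendorProject`, `product`, `dueDate`, ...) are CISA's; the sample catalog entries, their dates and the inventory hosts are constructed placeholders for the offline demo.

```python
"""Cross-check an asset inventory against entries from CISA's KEV catalog.

Added example, not part of the original article. The feed URL and JSON field
names are CISA's published ones; SAMPLE_KEV_JSON and SAMPLE_INVENTORY are
constructed for illustration (the dates are placeholders, not CISA's).
"""
import json
import urllib.request
from datetime import date

KEV_FEED_URL = (
    "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"
)

# Constructed sample in the shape of the real feed. The two CVEs are the ones
# named in the article; dateAdded/dueDate are placeholder values.
SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {
            "cveID": "CVE-2024-20767",
            "vendorProject": "Adobe",
            "product": "ColdFusion",
            "vulnerabilityName": "Adobe ColdFusion Improper Access Control Vulnerability",
            "dateAdded": "2024-12-16",
            "dueDate": "2025-01-06",
            "knownRansomwareCampaignUse": "Unknown",
        },
        {
            "cveID": "CVE-2024-35250",
            "vendorProject": "Microsoft",
            "product": "Windows",
            "vulnerabilityName": "Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability",
            "dateAdded": "2024-12-16",
            "dueDate": "2025-01-06",
            "knownRansomwareCampaignUse": "Unknown",
        },
    ],
})

# Constructed inventory: one host per product class plus one that should not match.
SAMPLE_INVENTORY = [
    {"host": "web-01", "vendor": "Adobe", "product": "ColdFusion 2023"},
    {"host": "ws-17", "vendor": "Microsoft", "product": "Windows 11"},
    {"host": "db-02", "vendor": "PostgreSQL", "product": "PostgreSQL 16"},
]


def load_catalog(text):
    """Parse KEV feed JSON (as a string) into its list of vulnerability records."""
    return json.loads(text)["vulnerabilities"]


def fetch_catalog(url=KEV_FEED_URL, timeout=30):
    """Download the live feed. Not used by the offline demo; needs network access."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return load_catalog(resp.read().decode("utf-8"))


def _norm(s):
    return s.strip().lower()


def match_inventory(catalog, inventory):
    """Return one finding per (asset, KEV entry) pair with the same vendor and an
    overlapping product name. KEV entries carry no version ranges, so a finding
    means 'verify and patch this host', not 'this host is confirmed vulnerable'."""
    findings = []
    for asset in inventory:
        for entry in catalog:
            same_vendor = _norm(entry["vendorProject"]) == _norm(asset["vendor"])
            prod_asset, prod_kev = _norm(asset["product"]), _norm(entry["product"])
            same_product = prod_kev in prod_asset or prod_asset in prod_kev
            if same_vendor and same_product:
                findings.append({
                    "host": asset["host"],
                    "cve": entry["cveID"],
                    "name": entry["vulnerabilityName"],
                    "due": entry["dueDate"],
                })
    return findings


def overdue(findings, today):
    """Findings whose KEV remediation due date is strictly before `today`."""
    return [f for f in findings if date.fromisoformat(f["due"]) < today]


if __name__ == "__main__":
    catalog = load_catalog(SAMPLE_KEV_JSON)  # swap for fetch_catalog() when online
    found = match_inventory(catalog, SAMPLE_INVENTORY)
    for f in found:
        print(f"{f['host']}: {f['cve']} ({f['name']}) due {f['due']}")
    print("overdue:", [f["host"] for f in overdue(found, date.today())])
```

The vendor/product match is deliberately loose (substring in either direction) because inventory product strings rarely equal CISA's wording; tighten it to your CMDB's naming once you see the false positives, and treat every hit as a ticket to verify the installed version against the vendor advisory.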
HiatusRAT Campaign Expands Scope
The FBI has issued a warning about the expansion of the HiatusRAT campaign. Initially targeting edge network devices like routers, this campaign now scans IoT devices, including web cameras and DVRs, for vulnerabilities.
The HiatusRAT operators exploit weaknesses such as:
- CVE-2017-7921
- CVE-2018-9995
- CVE-2020-25078
The campaign also uses tools like Ingram and Medusa for brute-force attacks and authentication cracking. Countries affected include the U.S., the U.K., Australia, and Canada.
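Brute-force and credential-spraying activity of the kind described above is visible in the device's own authentication log long before a login succeeds. The detector below is an added example, not code from the article or the FBI advisory: it parses constructed syslog-style login records from a camera and a DVR (the `login failed user=... from=...` format, the host names and the RFC 5737 documentation addresses are all assumptions for the demo) and raises one alert per source for a burst of failures inside a sliding window, and another for a source cycling through several distinct accounts. The thresholds are illustrative defaults, not values from any advisory.

```python
"""Sliding-window brute-force / password-spray detection over device auth logs.

Added example, not part of the original article. The log format, host names,
source addresses and thresholds below are constructed for the demo.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed record shape: "<Mon> <dd> <HH:MM:SS> <host> <proc>: login <failed|ok> user=<u> from=<ip>"
LOG_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) \S+: "
    r"login (?P<result>failed|ok) user=(?P<user>\S+) from=(?P<src>[\d.]+)$"
)

# Constructed sample: a burst against one account on cam-01, a spray across
# three accounts on dvr-02, a legitimate typo-then-success, and a non-auth line.
SAMPLE_LOG = """\
Dec 17 10:00:01 cam-01 httpd: login failed user=admin from=203.0.113.5
Dec 17 10:00:04 cam-01 httpd: login failed user=admin from=203.0.113.5
Dec 17 10:00:07 cam-01 httpd: login failed user=admin from=203.0.113.5
Dec 17 10:00:09 cam-01 httpd: login failed user=admin from=203.0.113.5
Dec 17 10:00:12 cam-01 httpd: login failed user=admin from=203.0.113.5
Dec 17 10:00:15 cam-01 httpd: login failed user=admin from=203.0.113.5
Dec 17 10:01:00 dvr-02 httpd: login failed user=admin from=198.51.100.8
Dec 17 10:01:20 dvr-02 httpd: login failed user=root from=198.51.100.8
Dec 17 10:01:40 dvr-02 httpd: login failed user=user from=198.51.100.8
Dec 17 10:02:00 cam-01 httpd: login failed user=operator from=192.0.2.10
Dec 17 10:02:30 cam-01 httpd: login ok user=operator from=192.0.2.10
Dec 17 10:03:00 cam-01 kernel: eth0 link up
"""


def parse_line(line, year=2024):
    """Parse one record; returns None for lines that are not login events.
    Syslog timestamps lack a year, so the caller supplies it."""
    m = LOG_RE.match(line.rstrip("\n"))
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "result": m["result"],
            "user": m["user"], "src": m["src"]}


def parse_log(text, year=2024):
    return [e for e in (parse_line(l, year) for l in text.splitlines()) if e]


def detect_bruteforce(events, threshold=5, window_s=60, spray_users=3):
    """Per source address, keep the failures inside the last `window_s` seconds.
    Alert 'burst' once at least `threshold` failures fall in the window, or
    'spray' once failures in the window cover `spray_users` distinct accounts.
    Each (source, reason) pair alerts at most once."""
    recent = defaultdict(deque)  # src -> deque of (ts, user) for failed logins
    alerts, alerted = [], set()
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["result"] != "failed":
            continue
        q = recent[ev["src"]]
        q.append((ev["ts"], ev["user"]))
        while (ev["ts"] - q[0][0]).total_seconds() > window_s:
            q.popleft()  # expire failures that fell out of the window
        users = {u for _, u in q}
        reason = None
        if len(q) >= threshold:
            reason = "burst"
        elif len(users) >= spray_users:
            reason = "spray"
        if reason and (ev["src"], reason) not in alerted:
            alerted.add((ev["src"], reason))
            alerts.append({"src": ev["src"], "host": ev["host"], "reason": reason,
                           "failures": len(q), "users": sorted(users), "at": ev["ts"]})
    return alerts


if __name__ == "__main__":
    for a in detect_bruteforce(parse_log(SAMPLE_LOG)):
        print(f"{a['at']:%H:%M:%S} {a['host']} {a['reason']} from {a['src']}: "
              f"{a['failures']} failures, accounts {a['users']}")
```

A single failed attempt followed by success (the `operator` login) produces nothing, which is the point of windowing on failures rather than counting all attempts. For real IoT fleets the logs usually have to be shipped off the device first (many cameras and DVRs keep only a tiny ring buffer), so forward them to a collector and run this logic there.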
DrayTek Routers Exploited in Ransomware Campaigns
Forescout Vedere Labs uncovered a ransomware campaign exploiting DrayTek routers, affecting over 20,000 devices. This operation used a suspected zero-day vulnerability to infiltrate networks, steal credentials, and deploy ransomware.
Key details of the campaign include:
Threat Actor | Activity |
---|---|
Monstrous Mantis | Discovered and exploited the vulnerability, enabling network infiltration and credential theft. |
Ruthless Mantis | Used stolen credentials to carry out ransomware attacks. |
LARVA-15 | Sold access to compromised networks to other cybercriminals. |
The attacks deployed ransomware families such as RagnarLocker, Nokoyawa, and Qilin, causing significant financial and operational disruptions.
Risks of Exploited Flaws and HiatusRAT Campaign
The exploited flaws and HiatusRAT campaign highlight the severe risks posed by unpatched systems:
Risk | Impact |
---|---|
Unauthorized Access | Attackers can gain control of critical systems and devices. |
Data Theft | Sensitive information, including credentials, may be stolen. |
Ransomware Deployment | Malicious actors can encrypt files and demand ransom payments. |
Network Downtime | Compromised systems may experience operational disruptions. |
Future Implications
As cyberattacks grow more sophisticated, it’s crucial to anticipate an increase in campaigns like HiatusRAT. Organizations must adopt a proactive approach by patching vulnerabilities promptly and enhancing their cybersecurity defenses.
Similar campaigns in the past, such as the SolarWinds attack, underscore the long-term implications of unpatched systems.
About CISA and FBI
- CISA: The Cybersecurity and Infrastructure Security Agency helps safeguard federal and private organizations from cyber threats. Visit their website for more information.
- FBI: The Federal Bureau of Investigation investigates and mitigates cybercrime. Learn more on their official page.
Rounding Up
The exploited flaws and the HiatusRAT campaign serve as a stark reminder of the need for vigilance in cybersecurity. With threat actors leveraging unpatched vulnerabilities and zero-day exploits, organizations must prioritize system updates and strengthen their defenses.
Failure to act could result in severe financial losses, operational downtime, and long-term reputational damage. Stay informed, act swiftly, and ensure your systems are secure.
FAQs
What are the vulnerabilities recently added to CISA’s KEV catalog?
- Adobe ColdFusion CVE-2024-20767 and Microsoft Windows Kernel-Mode Driver CVE-2024-35250.
What is the HiatusRAT campaign?
- A malicious operation targeting routers and IoT devices to exploit vulnerabilities and steal data.
How are DrayTek routers being exploited?
- Threat actors use a suspected zero-day vulnerability to infiltrate networks, steal credentials, and deploy ransomware.
What steps can I take to protect my systems?
- Patch known vulnerabilities, monitor network activity, and strengthen password policies.
Why are unpatched systems risky?
- They provide attackers with easy access to sensitive data and critical systems, increasing the likelihood of breaches.