On Friday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) expanded its Known Exploited Vulnerabilities (KEV) catalog, identifying three flaws currently being actively exploited. This addition underscores the persistent threat landscape faced by organizations, especially those in critical sectors.
Among the newly acknowledged vulnerabilities is CVE-2022-24990, which affects TerraMaster network-attached storage (TNAS) devices. This critical bug could enable unauthenticated remote code execution, granting attackers elevated privileges. The flaw was first disclosed in March 2022 by Octagon Networks, an Ethiopian cybersecurity research firm. Notably, a recent advisory from U.S. and South Korean authorities indicated that North Korean cyber actors are leveraging this vulnerability to deploy ransomware against healthcare and vital infrastructure frameworks.
CISA also flagged CVE-2015-2291, an unspecified vulnerability present in the Intel Ethernet diagnostics driver for Windows. Exploitation of this flaw can lead to a denial-of-service state on affected devices. Last month, CrowdStrike revealed that malicious actors, specifically a group known as Scattered Spider, attempted to exploit this vulnerability using a tactic labeled “Bring Your Own Vulnerable Driver” (BYOVD). The intention behind this strategy is to bypass existing endpoint security solutions, though this particular attack did not succeed.
The third vulnerability added is CVE-2023-0669, a remote code injection flaw discovered in Fortra’s GoAnywhere MFT managed file transfer application. Although patches are now available, exploitation of this vulnerability has been linked to a ransomware group. This highlights a critical need for organizations to apply the required fixes promptly, as federal agencies face a deadline of March 3, 2023, to secure their networks.
Recent incidents, including an analysis from Huntress, illustrate a concerning trend: infection chains leading to malware deployment have been connected to groups like Silence and Evil Corp. Such links point to the involvement of prominent cybercriminal organizations known for their financially motivated tactics.
The MITRE ATT&CK framework provides essential context for these threats, as tactics such as initial access, privilege escalation, and persistence appear relevant. The exploitation of these vulnerabilities not only represents a significant risk to data integrity but also poses a direct threat to the continuity of operations in sectors that are critical to national security and public welfare.
In light of these developments, it is imperative that business owners and IT leaders remain vigilant, continuously updating their defenses against evolving cyber threats. Engaging with cybersecurity resources and ensuring compliance with the latest security directives will be essential steps in mitigating the risk landscape presented by such vulnerabilities.
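One concrete way to act on the directive deadlines mentioned above is to match an asset inventory against the KEV catalog and report how many days remain before each required action is due. The script below is an added example, not code from the original article or from CISA: the catalog excerpt it embeds is constructed to mirror the field names of the public KEV JSON feed (cveID, vendorProject, product, dateAdded, requiredAction, dueDate), the asset names and the CVE-0000-0000 placeholder are invented, and the dateAdded values are illustrative rather than an authoritative copy of the feed.

```python
"""Match a software inventory against CISA's Known Exploited Vulnerabilities
(KEV) catalog and report remediation deadlines.

Added example, not code from the original article or from CISA. KEV_SAMPLE is
a CONSTRUCTED excerpt shaped like the public KEV JSON feed; in production you
would download the real feed from
https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
and pass its text to load_kev() unchanged.
"""
import json
from datetime import date, datetime

# Constructed excerpt: the three CVEs named in the article, with the
# federal due date the article cites. Descriptions are paraphrased, not
# copied from the catalog.
KEV_SAMPLE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed excerpt)",
    "vulnerabilities": [
        {
            "cveID": "CVE-2022-24990",
            "vendorProject": "TerraMaster",
            "product": "TNAS",
            "vulnerabilityName": "TerraMaster TNAS remote code execution",
            "dateAdded": "2023-02-10",
            "shortDescription": "Unauthenticated remote code execution with elevated privileges.",
            "requiredAction": "Apply updates per vendor instructions.",
            "dueDate": "2023-03-03",
        },
        {
            "cveID": "CVE-2015-2291",
            "vendorProject": "Intel",
            "product": "Ethernet Diagnostics Driver for Windows",
            "vulnerabilityName": "Intel Ethernet diagnostics driver denial of service",
            "dateAdded": "2023-02-10",
            "shortDescription": "Vulnerable driver abused in BYOVD attacks to reach a denial-of-service state.",
            "requiredAction": "Apply updates per vendor instructions.",
            "dueDate": "2023-03-03",
        },
        {
            "cveID": "CVE-2023-0669",
            "vendorProject": "Fortra",
            "product": "GoAnywhere MFT",
            "vulnerabilityName": "GoAnywhere MFT remote code injection",
            "dateAdded": "2023-02-10",
            "shortDescription": "Remote code injection exploited by a ransomware group.",
            "requiredAction": "Apply updates per vendor instructions.",
            "dueDate": "2023-03-03",
        },
    ],
})

# Constructed inventory: asset name -> CVEs reported by a scanner.
# CVE-0000-0000 is a placeholder, not a real identifier, included to show
# that non-KEV findings are left out of the report.
INVENTORY = {
    "nas-01": ["CVE-2022-24990"],
    "mft-gw-02": ["cve-2023-0669", "CVE-0000-0000"],  # lower-case id on purpose
    "ws-07": ["CVE-2015-2291"],
}


def load_kev(text: str) -> dict:
    """Index catalog entries by upper-cased CVE id for constant-time lookup."""
    catalog = json.loads(text)
    return {entry["cveID"].upper(): entry for entry in catalog["vulnerabilities"]}


def match_inventory(kev: dict, inventory: dict, today: date) -> list:
    """Return one finding per (asset, CVE) pair present in KEV, soonest due first."""
    findings = []
    for asset, cves in inventory.items():
        for cve in cves:
            entry = kev.get(cve.upper())
            if entry is None:
                continue  # not in KEV: no BOD 22-01 deadline applies
            due = datetime.strptime(entry["dueDate"], "%Y-%m-%d").date()
            findings.append({
                "asset": asset,
                "cve": entry["cveID"],
                "product": f'{entry["vendorProject"]} {entry["product"]}',
                "due": due.isoformat(),
                "days_left": (due - today).days,   # negative once overdue
                "overdue": today > due,
                "action": entry["requiredAction"],
            })
    findings.sort(key=lambda f: f["days_left"])
    return findings


def overdue_count(findings: list) -> int:
    """Number of findings whose required action date has already passed."""
    return sum(1 for f in findings if f["overdue"])


if __name__ == "__main__":
    report = match_inventory(load_kev(KEV_SAMPLE), INVENTORY, date.today())
    for f in report:
        flag = "OVERDUE" if f["overdue"] else f"{f['days_left']} days left"
        print(f"{f['asset']:10} {f['cve']:15} {f['product']:45} due {f['due']} ({flag})")
    print(f"{overdue_count(report)} of {len(report)} KEV findings overdue")
```

Matching is done on the upper-cased CVE id so scanner output with inconsistent casing still resolves, and anything absent from the catalog is dropped rather than reported, which keeps the list focused on the entries that carry a directive deadline.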
As the cybersecurity environment becomes more complex, proactive measures and awareness of the latest threats will be crucial for organizations to safeguard their systems effectively. Remaining informed will play a vital role in defense strategies against a growing array of adversary tactics in the cyber domain.