Rewterz Threat Advisory – Zimbra Collaboration And Zimbra Collaboration Suite (ZCS) Vulnerabilities – Exploit in the Wild
August 12, 2022
Severity
High
Analysis Summary
Employees at all levels are responsible for protecting the company from cybersecurity threats, yet threats multiply swiftly and employee education takes time. Every day, hundreds of sites post breach notifications, emerging threats, and new vulnerability alerts. Staying up to date on every possible source of threat intelligence requires dedicated resources and capacity that most organizations lack.
Rewterz Threat Advisories keep you up to date on the newest cybersecurity threats, cyber attacks, cyber events, and reported vulnerabilities that may affect your organization. With continuous notifications, organizations can keep their staff and customers informed and take the necessary precautions to mitigate the risk of cyber attacks.
A further reason for heightened caution and vigilance is that Pakistan's most important day, Independence Day (14 August), is approaching. There is a strong possibility that Indian hackers will attempt to attack Pakistani websites or the portals of key ministries on the day the country celebrates its 75th Independence Day.
- Previously, on Pakistan's 70th anniversary of independence, Indian hackers compromised multiple government websites and uploaded the Indian flag and anthem, according to the Pakistan Telecommunication Authority.
- In 2015, a group of anonymous Indian hackers calling themselves 'Hell Shield Hackers' claimed to have taken down around 100 Pakistani business websites as a "tribute to Indian jawans" on the occasion of Independence Day.
- In 2021, attackers breached Pakistan's largest data center, run by the Federal Board of Revenue (FBR), and compromised its Microsoft Hyper-V virtualization software, bringing down all the official websites operated by the tax authority.
Many of these hackers and Indian APT groups have previously attempted to compromise government and official websites, including those of the Foreign Office and other public organizations. The cybersecurity recommendations and alerts regularly issued to officials need to be followed by every organization, in both the private and government sectors, to avoid further threats.
Impact
- Cyber Warfare
- Cyber Crime
Recommendations
Useful mitigation techniques include:
- Passwords – Enforce general security policies, including strong passwords, correct configurations, and proper administrative security policies.
- Admin Access – Limit access to administrative accounts and portals to relevant personnel only, and make sure they are not publicly accessible.
- WAF – Web defacement must be stopped at the web application level. Set up a Web Application Firewall with rules to block suspicious and malicious requests.
- Patch – Patch and upgrade all platforms and software in a timely manner and make this a standard security policy. Prioritize patching known exploited vulnerabilities and zero-days.
- Secure Coding – Along with network and system hardening, apply code hardening within the organization so that its websites and software are secure. Use testing tools to detect vulnerabilities in deployed code.
- 2FA – Enable two-factor authentication.
- Antivirus – Enable antivirus and anti-malware software and update signature definitions in a timely manner. Multi-layered protection is necessary to secure vulnerable assets.
- Employee Training – Employees should be well versed in social engineering tactics and threats, and how to defend against them. Seminars, training, and employee orientation on cybersecurity best practices and threats are crucial.
- Security Best Practices – Do not open emails and attachments from unknown or suspicious sources.
- Maintain cyber hygiene by updating antivirus software and implementing a patch management lifecycle.
- Maintain Offline Backups – In a ransomware attack, the adversary will often delete or encrypt backups if they have access to them. Keep offline (preferably off-site), encrypted backups of data and test them regularly.
- Treat emails from unknown senders with caution.
- Never trust or open links and attachments received from unknown sources or senders.
- Do not download document files attached to emails from unknown sources, and strictly refrain from enabling macros when the source is not reliable.
- Enforce access management policies.
- Terminate all accounts associated with an employee or contractor immediately upon dismissal.
- Prohibit password sharing.
- Do not reuse the same password across multiple platforms, servers, or networks.
- Restrict installation of untrusted third-party applications.
- Maintain daily backups of all computer networks and servers.
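As an added example (not code from the Rewterz advisory), the following Python integrity monitor complements the WAF and backup items above: it snapshots SHA-256 digests of every file under a web root and diffs a later snapshot against that baseline, so a defaced, replaced, or newly dropped page is flagged even if the request that did it slipped past the WAF. The directory layout and file contents in `demo()` are constructed for the demonstration; in practice the baseline would be taken from a known-good deployment and stored off the web server.

```python
"""Defacement / integrity check for a web root.

Snapshot SHA-256 digests of every file, then diff a later snapshot against
the stored baseline and report modified, added, and deleted files.
"""
import hashlib
import tempfile
from pathlib import Path


def snapshot(web_root):
    """Return {relative_posix_path: sha256_hex} for every regular file under web_root."""
    web_root = Path(web_root)
    digests = {}
    for path in sorted(p for p in web_root.rglob("*") if p.is_file()):
        h = hashlib.sha256()
        with path.open("rb") as f:
            # Stream in chunks so large assets do not need to fit in memory.
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        digests[path.relative_to(web_root).as_posix()] = h.hexdigest()
    return digests


def diff_snapshots(baseline, current):
    """Classify differences between a baseline snapshot and a current one."""
    base_keys, cur_keys = set(baseline), set(current)
    return {
        "modified": sorted(k for k in base_keys & cur_keys if baseline[k] != current[k]),
        "added": sorted(cur_keys - base_keys),
        "deleted": sorted(base_keys - cur_keys),
    }


def is_defaced(report):
    """True if any file changed relative to the baseline."""
    return any(report.values())


def demo():
    """Constructed scenario: a known-good site, then a defacement that
    overwrites index.html, drops a new file, and removes the stylesheet.
    Returns (clean_report, defaced_report)."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "index.html").write_text("<h1>Ministry portal</h1>")
        (root / "css").mkdir()
        (root / "css" / "site.css").write_text("body{}")
        baseline = snapshot(root)

        # Re-scan with nothing changed: no findings expected.
        clean = diff_snapshots(baseline, snapshot(root))

        # Simulate a defacement.
        (root / "index.html").write_text("<h1>hacked</h1>")
        (root / "hacked.txt").write_text("defaced")
        (root / "css" / "site.css").unlink()
        defaced = diff_snapshots(baseline, snapshot(root))
    return clean, defaced


if __name__ == "__main__":
    clean_report, defaced_report = demo()
    print("clean scan defaced?", is_defaced(clean_report))
    print("after tampering:", defaced_report)
```

Run it from cron or a scheduler against the live document root and alert on any non-empty report; legitimate deployments should be followed by re-baselining, and the baseline file itself must be kept where a web-server compromise cannot rewrite it.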
Rewterz offers a variety of data protection and recovery solutions that ensure your organization's data can be recovered after destructive cyberattacks.