U.S. Agencies Warn About New Vulnerabilities and Expanding Cyber Campaigns

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) recently issued alerts concerning new vulnerabilities being actively exploited by cyber attackers and expanding cyber campaigns targeting a range of devices and systems. These combined efforts by the two agencies highlight the complexity and evolving nature of cybersecurity threats that affect various sectors, from government entities to private enterprises. With this announcement, both agencies aim to alert IT professionals, security experts, and the general public about the imminent risks associated with these newly identified vulnerabilities and the necessity for prompt action.

CISA has added two new security flaws, identified as CVE-2024-20767 and CVE-2024-35250, to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation. CVE-2024-20767 impacts Adobe ColdFusion and poses a significant risk by allowing attackers to access or modify restricted files via an internet-exposed admin panel. Meanwhile, CVE-2024-35250 affects the Microsoft Windows Kernel-Mode Driver, granting local attackers the capability to escalate privileges. Both vulnerabilities have available patches, and CISA strongly recommends that federal civilian executive branch (FCEB) agencies remediate these flaws by January 6, 2025, to prevent potential exploitation.

Expanding HiatusRAT Campaigns: A Broader Threat Landscape

In addition to CISA’s warnings, the FBI has also raised alerts about the expansion of HiatusRAT campaigns targeting Internet of Things (IoT) devices, particularly web cameras and DVRs manufactured by companies such as Hikvision, D-Link, and Dahua. These cyber campaigns have spread to several countries, including the United States, Australia, Canada, New Zealand, and the United Kingdom. The attackers exploit a series of vulnerabilities, including CVE-2017-7921, CVE-2018-9995, CVE-2020-25078, CVE-2021-33044, and CVE-2021-36260, as well as weaknesses in vendor-supplied passwords, to gain unauthorized access and launch their attacks.

The FBI’s alert signifies the growing sophistication of cyber attackers who are leveraging these vulnerabilities to infiltrate IoT devices. By exploiting these weaknesses, attackers can gain control over highly sensitive devices and systems, allowing them to perform activities such as spying, capturing sensitive information, or launching further attacks from compromised devices. As these campaigns continue to expand, the need for stringent security measures, including the regular updating of firmware and the use of strong, unique passwords, becomes more critical to prevent these types of penetrations.

Analyzing Ransomware Campaigns and DrayTek Router Vulnerabilities

Further troubling findings come from cybersecurity firms Forescout Vedere Labs and PRODAFT, which shed light on ransomware campaigns exploiting vulnerabilities in DrayTek routers. Between August and September 2023, over 20,000 DrayTek Vigor devices were targeted using a suspected zero-day vulnerability. These attacks were executed by three distinct groups known as Monstrous Mantis, Ruthless Mantis, and LARVA-15, with Monstrous Mantis initially exploiting the vulnerability and subsequently sharing access with its partners.

The attacks involved highly sophisticated workflows that eventually led to the deployment of multiple ransomware families, including RagnarLocker, Nokoyawa, RansomHouse, and Qilin. Ruthless Mantis alone reportedly compromised at least 337 organizations, predominantly in the United Kingdom and the Netherlands. The revelation of these collaborative attacks emphasizes the increasing complexity of cyber threats and the necessity for organizations to adopt a proactive stance in their cybersecurity practices to mitigate potential damages.

Addressing and Mitigating Vulnerabilities in the Cybersecurity Landscape

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) recently issued alerts about new vulnerabilities being actively exploited by cyber attackers who are broadening their targets. These joint alerts from the two agencies underscore the complex and ever-changing nature of cybersecurity threats impacting diverse sectors, including both government bodies and private companies. This announcement aims to inform IT professionals, security specialists, and the general public of the pressing dangers posed by these newly discovered vulnerabilities and the need for immediate action.

CISA has added two new security flaws, CVE-2024-20767 and CVE-2024-35250, to its Known Exploited Vulnerabilities (KEV) catalog due to confirmed active exploits. CVE-2024-20767 is a critical flaw in Adobe ColdFusion that permits attackers to access or alter restricted files via an internet-exposed admin panel. CVE-2024-35250 impacts the Microsoft Windows Kernel-Mode Driver, enabling local attackers to elevate their privileges. Both security issues have patches available, and CISA strongly advises all federal civilian executive branch (FCEB) agencies to address these flaws by January 6, 2025, to prevent possible exploitation.
