Insights

We continue our lookback at the biggest cyber attacks of 2024… so far. Read Part one HERE

Severity: Critical
CVSSv3 Score: 9.8 
Date: Oct 23, 2024

If you were to look at a stock image of a hacker, it would show a hooded figure hunched over the desk who’s lost in the sea of green text and numbers that flash across the screen.

As 2024 draws to a close, numerous high-profile cyber incidents have dominated the headlines. With only two and a half months remaining and the Christmas season approaching, it's likely we'll see even more before year’s end. In this blog, the Integrity360 Incident Response team explores some of the most significant cyber attacks of the year... so far.

Overview: Ivanti has released updates for Ivanti CSA (Cloud Services Application) which addresses a medium severity and two high severity vulnerabilities. Exploiting these vulnerabilities effectively enables remote attackers to execute SQL statements through SQL injection, run arbitrary code via command injection, and bypass security restrictions by taking advantage of a path traversal weakness in vulnerable CSA gateways, which provide secure access to internal network resources for enterprise users.

Fortinet –  CVE-2024-23113 (CVSS score: 9.8)

This vulnerability was initially published on 08 February 2024.

Overview: A newly reported vulnerability in the Common Unix Printing System (CUPS) poses a significant security threat to UNIX-based systems, including Linux and macOS. Security researcher Simone Margaritelli has published the first of a series of blog posts detailing the issue, which can be exploited by sending a specially crafted HTTP request to the CUPS service. This vulnerability allows remote attackers to gain access to affected systems and execute arbitrary code, potentially escalating privileges and compromising critical assets.

The legal sector has seen a dramatic 77% increase in successful cyber attacks over the past year, with incidents rising from 538 in 2022/23 to 954 in 2023/24. This rise is largely due to the sensitive and valuable nature of the information that law firms hold, making them prime targets for cybercriminals.

The PCI Council has released valuable insights on Vulnerability Scans & ASV Guidance, particularly beneficial for SAQ A merchants.

In a recent incident, a prominent cyber security company discovered they had inadvertently hired a North Korean operative posing as an IT professional. This individual, using various AI tools, managed to infiltrate the company by joining as an employee, accessed its systems and attempted to plant malware. The incident has brought to light the increasing sophistication of cyber threats during the recruitment process. If a major cyber security firm can fall victim, other less security-savvy organisations face even greater risks and underscores the necessity for robust verification processes and heightened vigilance in recruitment.

Crowdstrike have now published their preliminary post incident report (PIR) into the issue that impacted 8.5m Windows hosts. Their preliminary report is available in full on the CrowdStrike website:https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/)

Issue Overview and Impact