icon

Digital safety starts here for both commercial and personal Use...

Defend Your Business Against the Latest WNY Cyber Threats We offer Safe, Secure and Affordable Solutions for your Business and Personal Networks and Devices.



WNYCyber is there to help you to choose the best service providers in Western New York... We DO NOT provide the services ourselves, as we are Internet Programmers who have to deak daily with Cyber Threats... (Ugghhh)... So we know what it's like and what it takes to protect OUR and OUR CUSTOMERS DATA... We built this Website to help steer you to those that can give you the best service at realistic and non-inflated prices. We do charge or collect any fees.

Buffalo, New York
United States

Current Threat Data

Chinese Spies Hack Dutch Networks With Novel Coathanger Malware

Summary:
A new report from the Dutch Military Intelligence and Security Service (MIVD) highlights a campaign that took place last year, where Chinese state-backed actors were able to infiltrate Dutch defense networks and steal sensitive information. In this case, the actors exploited a zero-day flaw in FortiOS SSL-VPN that was disclosed in December 2022, to gain initial access to the targeted systems. This initial access was followed by the deployment of a stealthy remote access Trojan dubbed Coathanger, capable of hiding itself by hooking system calls and surviving reboots and firmware upgrades. MIVD says the cyber-espionage attempt was stopped in its tracks and limited as the victim environment was properly segmented.

Security Officer Comments:
The latest report indicates a trend of actors targeting edge devices such as VPNs, email servers, and firewalls, which are commonly connected to the internet and not properly segmented. As of recently, actors are taking advantage of a set of zero-days in Ivanti Connect secure and Policy secure gateways to compromise VPN appliances and deploy malicious backdoors for persistent access. Despite patches being released, many publicly facing instances have yet to receive these updates, enabling actors to launch opportunistic attacks.

Suggested Corrections:
The Dutch intelligence services advised organizations to mitigate edge device threats by:

  • Regularly perform a risk analysis on edge devices. For example, when functionalities are added.
  • Limit internet access from edge devices by disabling unused ports and functionalities. In addition, do not make the management interface accessible from the Internet.
  • Regularly perform analyzes on the logging to detect anomalous activity. This includes login attempts at strange times, unknown (foreign) IP addresses or unauthorized configuration changes. Forward the logging to a secure, separate environment so that its integrity is guaranteed.
  • Install the latest security updates as soon as possible when they are made available by the vendor. In addition, take advantage of possible additional protection measures made available by suppliers.
  • Replace hardware and software that is no longer supported by the supplier.

Link(s):
https://www.infosecurity-magazine.com/news/chinese-spies-hack-dutch-1/
https://www.ncsc.nl/actueel/nieuws/...nadrukt-aanhoudende-interesse-in-edge-devices

Contact Us for Threat Assistance
Back to Current Threats