Attacks

It is highly recommended to implement and maintain a regular patching cycle for all devices in an organization and particularly devices that are Internet-facing. Vice Society exploits vulnerabilities to both gain an initial foothold into an environment as well as escalating privileges on infected systems. By making sure all devices are up-to-date on patches consistently, an organization can help prevent threat actors like Vice Society from being able to gain a foothold into an environment.…

Medibank plans to aid their customers moving forward by providing some resources free of charge, those include: • Financial support for customers who are in a uniquely vulnerable position because of this crime.• Free identity monitoring services for customers who have had their primary ID compromised• Reimbursement of fees for re-issue of identity documents that have been fully compromised in this crime.• Specialist identity protection advice and resources from IDCARE.• Medibank’s mental health and wellbeing…

Fake accounts, fake job offers, and phishing attacks are all common tactics of threat actors using LinkedIn to target individuals. Threat actors may message individuals asking them to visit a company site which is reality, a fake site designed to steal credentials. Users should always be cautious if sent an external link on LinkedIn. Additionally, users should be wary of any files sent on LinkedIn from unknown users — threat actors will often use this…

As always, it is highly recommended to patch any appliances using vulnerable versions of software and to implement a plan for regular updates.In the event that applying the official patch is not immediately feasible, VMware has also released a temporary workaround: https://kb.vmware.com/s/article/89809 https://www.bleepingcomputer.com/news/security/vmware-fixes-critical-cloud-foundation-remote-code-execution-bug/

The U.S. cybersecurity agency also strongly urged all organizations worldwide to prioritize patching these security bugs, even though BOD 22-01 only applies to U.S. FCEB agencies. Organizations are recommended to create a patch management policy to verify that all current systems are kept up to date. https://www.bleepingcomputer.com/news/security/cisco-warns-admins-to-patch-anyconnect-flaw-exploited-in-attacks/

Researchers at BlackBerry noted, “this campaign is a good example of the blurred line between cybercrime-motivated threat actors and targeted attack threat actors” and it highlights the difficulty of attribution in many campaigns. In the past, the activities of the two groups of threat actors had been largely independent, with targeted attack threat actors relying on custom tooling while cybercrime-motivated threat actors would typically rely on traditional tooling. However, as time goes on and traditional…