How Denmark nulled record attacks on critical infrastructure - The Register

Danish critical infrastructure faced the biggest online attack in the country's history in May, according to SektorCERT, Denmark's specialist organization for the cybersecurity of critical kit. Detailing the attack waves in a report, it revealed that 22 companies were breached in just a few days. Some were forced to enter island mode operation, where they had to disconnect from the internet and cut any other non-essential network connections.

In almost all cases unpatched vulnerabilities in Zyxel firewalls meant compromise was possible, and in some the attackers appeared well-resourced, exploiting vulnerabilities that weren't publicly announced. The attacks are thought to have been carried out by multiple groups, and at least one was potentially the infamous Sandworm operation nestled in Russia's Chief Intelligence Office, said the researchers.

Zyxel firewalls are used extensively by the organizations protected by SektorCERT, and the vulnerabilities in these, announced in April, which allow remote attackers to gain complete control of the firewall without authentication, were blamed for most of the attacks.

"This benefited the attackers and gave them weeks to carry out the attacks - even after SektorCERT via SektorForum had alerted all members and encouraged them to install the updates."

The first wave of attacks started on May 11, targeting 16 energy organizations, all trying to exploit CVE-2023-28771. For the 11 that were compromised, SektorCERT believes this was the original reconnaissance phase of the attack, which likely only sent firewall configurations and credentials back to the attackers. As the devices weren't visible to scanning services like Shodan, SektorCERT said it's not clear how the attackers were able to identify the vulnerable firewalls. It also said the coordination in the first wave was "remarkable" - an attack that required planning and large numbers of resources.
After 10 days of silence, the second wave of attacks began. This time one organization was already compromised, but SektorCERT was only alerted after it started downloading firewall updates over an insecure connection, rather than at the point of initial compromise. This turned out to be an attack, believed to be carried out by a different actor, aimed at using the organization's infrastructure as part of the Mirai botnet. The compromise was used to carry out DDoS attacks against two targets in the US and Hong Kong before the organization went into island mode to remediate the compromise. Zyxel publicized the two firewall-related CVEs two days later, and SektorCERT said it's possible these were known to the attackers beforehand.

Just hours after the first Mirai attack, another was launched, again sending the organization into island mode operation.

The final wave of attacks began on May 24, when SektorCERT received an alert indicating advanced persistent threat traffic at one organization - the first of its kind seen in its three years of operation. The traffic was linked to an IP address that had previously been used by Sandworm, the Russian GRU cyber unit tied to a range of attacks, the most infamous of which was NotPetya. Very little came of the Sandworm-linked attacks other than one organization losing visibility into three of its remote locations, which had to be addressed manually.

"Danish critical infrastructure is under constant cyber attack from foreign actors. Therefore, everyone who runs critical infrastructure should pay extra attention and ensure that the right measures are taken to be able to prevent, detect, and deal with these attacks."

This Cyber News was published on www.theregister.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000


Cyber News related to How Denmark nulled record attacks on critical infrastructure - The Register

9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
What CIRCIA Means for Critical Infrastructure Providers and How Breach and Attack Simulation Can Help - Cyber Defense Magazine - To prepare themselves for future attacks, organizations can utilize BAS to simulate real-world attacks against their security ecosystem, recreating attack scenarios specific to their critical infrastructure sector and function within that sector, ...
3 months ago Cyberdefensemagazine.com
Russian Hackers Likely Not Involved in Attacks on Denmark's Critical Infrastructure - Russian state-sponsored APT actor Sandworm might have not been involved in last year's massive attack campaign against Denmark's critical infrastructure, cybersecurity firm Forescout says. The assaults occurred in May 2023 and resulted in the ...
1 year ago Securityweek.com
A Plan to Protect Critical Infrastructure from 21st Century Threats - On April 30th, the White House released National Security Memorandum-22 on Critical Infrastructure Security and Resilience, which updates national policy on how the U.S. government protects and secures critical infrastructure from cyber and ...
7 months ago Cisa.gov
CVE-2013-0135 - Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) ...
7 years ago
Attacks on critical infrastructure are harbingers of war: Are we prepared? - Recent attacks on several water authorities, such as Aliquippa and St. Johns River, are putting a new spotlight on the need to protect critical infrastructure. In war, to bring a nation to its knees, attacks against power and water inflict the most ...
1 year ago Scmagazine.com
Opening Statement by CISA Director Jen Easterly - Chairman Gallagher, Ranking Member Krishnamoorthi, Members of the Committee, thank you for the opportunity to testify on CISA's efforts to protect the Nation from the preeminent cyber threat posed by the People's Republic of China. As America's ...
11 months ago Cisa.gov
Pro-Russian DDoS Attacks Alarm Denmark and US - Distributed denial-of-service (DDoS) attacks by pro-Russian hacking groups have caused alarm in the US and Denmark after several incidents affected websites of hospitals and government offices in both countries. On Tuesday, Denmark announced that it ...
1 year ago Therecord.media
Strategy, Harmony & Research: Triaging Priorities for OT Cybersecurity - The mission of the Cybersecurity and Infrastructure Security Agency is to lead the national effort to understand, manage, and reduce risk to the cyber and physical infrastructure that Americans rely on every hour of every day. CISA is not responsible ...
1 year ago Darkreading.com
CVE-2017-17713 - Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp ...
7 years ago
CVE-2017-17714 - Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, ...
7 years ago
CVE-2023-52780 - In the Linux kernel, the following vulnerability has been resolved: net: mvneta: fix calls to page_pool_get_stats Calling page_pool_get_stats in the mvneta driver without checks leads to kernel crashes. First the page pool is only available if the bm ...
8 months ago Tenable.com
CVE-2024-47716 - In the Linux kernel, the following vulnerability has been resolved: ARM: 9410/1: vfp: Use asm volatile in fmrx/fmxr macros Floating point instructions in userspace can crash some arm kernels built with clang/LLD 17.0.6: BUG: unsupported FP ...
3 months ago Tenable.com
Geopolitical tensions escalate OT cyber attacks - In this Help Net Security interview, Andrew Ginter, VP of Industrial Security at Waterfall Security, discusses operational technology cyber attacks and their 2024 Threat Report. He examines how global geopolitical tensions and evolving ransomware ...
9 months ago Helpnetsecurity.com
Cyber Insights 2023: ICS and Operational Technology - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. At the same time, ICS/OT is facing an expanding attack surface caused by ...
1 year ago Securityweek.com
Critical infrastructure in the crosshairs: Examining the threats facing service providers in the U.S. - Critical infrastructure is facing a wave of cyberattacks, posing a severe threat to essential services across the United States and globally. The scale and frequency of these attacks have elevated defending infrastructure to a national priority, as ...
1 year ago Cybersecurity-insiders.com
