US Census Bureau Hacked in January 2020 Using Citrix Exploit

US Census Bureau servers were breached on January 11, 2020, by hackers who exploited a Citrix ADC zero-day vulnerability as the US Office of Inspector General (OIG) disclosed in a recent report.

“The purpose of these servers was to provide the Bureau with remote-access capabilities for its enterprise staff to access the production, development, and lab networks. According to system personnel, these servers did not provide access to 2020 decennial census networks,” the OIG said.

“During the attack on the remote-access servers, the Bureau’s firewalls blocked the attacker’s attempts to communicate from the remote-access servers to its command and control infrastructure as early as January 13, 2020.

“However, the Bureau was not aware that the servers had been compromised until January 28, 2020, more than 2 weeks later.”

Attack only partially successful

While the attackers were able to breach the Bureau’s servers and set up rogue admin accounts that would allow them to execute malicious code remotely, they could not deploy backdoors to maintain access to the servers and achieve their goals.

According to the OIG, the Bureau failed to mitigate the critical vulnerability exploited in the attack, leaving its servers vulnerable.

After their servers were compromised, the Bureau also failed to discover and report the attack on time. It also didn’t maintain sufficient system logs, hindering the incident investigation.

“As the Census Bureau and the OIG both concluded following this incident, there were no indications of compromise on any 2020 Decennial Census systems nor any evidence of malicious behavior impacting the 2020 Decennial counts,” the Census Bureau responded in its reply to OIG’s review of the incident.

“Furthermore, no systems or data maintained and managed by the Census Bureau on behalf of the public were compromised, manipulated, or lost because of the incident highlighted in the OIG’s report.”

Attackers exploited a critical Citrix flaw

When contacted for comment, a US Census Bureau spokesperson referred BleepingComputer to the agency’s response to OIG’s report, and that response is where the information needed to identify the attack vector used to compromise the Bureau’s servers was found.

While OIG’s report was redacted to remove all mentions of the exploited vulnerability and the name of the software vendor, the Census Bureau’s response to OIG’s inquiries surrounding the attack was left untouched, revealing that the redacted vendor is Citrix.

“Due to circumstances outside the Bureau’s control—including a dependency on Citrix engineers (who were already at capacity supporting customers across the Federal government who had realized greater impacts from the January 2020 attack) to complete the migration, and the COVID-19 pandemic—the migration was delayed,” the Bureau said.

This, coupled with OIG mentioning that the vulnerability was disclosed on December 17, 2019, made it possible to precisely pinpoint it as CVE-2019-19781, a critical bug affecting Citrix’s Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP appliances.

Successful CVE-2019-19781 exploitation could enable remote attackers to execute arbitrary code on unpatched servers and gain access to an organization’s internal network without requiring authentication.
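As an added example (not code from the article, BleepingComputer or Citrix), the following Python log scan flags the request shape that Citrix's published mitigation for this bug blocks: a URL-decoded path that reaches /vpns/ through a /../ traversal hop. The log lines and resource paths are constructed, and the check approximates the vendor responder policy without its VPN-session condition.

```python
import re
from urllib.parse import unquote

# Constructed Apache-style access log lines standing in for an appliance HTTP log.
# The paths after /vpns/ are placeholders, not real endpoints.
SAMPLE_LOG = """\
203.0.113.7 - - [08/Jan/2020:10:14:02 +0000] "GET /vpn/../vpns/example/resource HTTP/1.1" 200 1045
203.0.113.7 - - [08/Jan/2020:10:14:05 +0000] "POST /vpn/%2e%2e/vpns/example/other HTTP/1.1" 200 128
198.51.100.4 - - [08/Jan/2020:10:15:11 +0000] "GET /vpn/index.html HTTP/1.1" 200 5234
198.51.100.4 - - [08/Jan/2020:10:15:20 +0000] "GET /vpns/portal/login.html HTTP/1.1" 200 4200
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def is_traversal_to_vpns(path: str) -> bool:
    """True when the decoded path reaches /vpns/ via a /../ hop (the CVE-2019-19781
    indicator in Citrix's responder-policy mitigation, minus the session check)."""
    decoded = unquote(unquote(path)).lower()  # decode twice to catch double encoding
    return "/vpns/" in decoded and "/../" in decoded


def find_suspicious(log_text: str) -> list:
    """Parse each log line and return the requests matching the traversal indicator."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and is_traversal_to_vpns(m["path"]):
            hits.append({"ip": m["ip"], "ts": m["ts"], "method": m["method"],
                         "path": m["path"], "status": int(m["status"])})
    return hits


def sources(hits) -> set:
    """Distinct client addresses behind the flagged requests, for triage."""
    return {h["ip"] for h in hits}


if __name__ == "__main__":
    for h in find_suspicious(SAMPLE_LOG):
        print(f'{h["ts"]} {h["ip"]} {h["method"]} {h["path"]} -> {h["status"]}')
```

A request with /vpns/ but no traversal (the last sample line) is not flagged, because an authenticated VPN session may legitimately reach that path; retaining such logs is what the OIG report found lacking.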

Image: BleepingComputer

Exploited Citrix bug still under active exploitation

Citrix disclosed the security flaw and provided mitigations on December 17, 2019, and released security updates to address it for all impacted products on January 24, 2020.

However, proof-of-concept exploits for CVE-2019-19781 were made public two days after scans for vulnerable Citrix servers were detected on January 8.

Threat actors seized the opportunity and began attacking unpatched Citrix servers, with security researchers observing them deploy malware on compromised servers, including Sodinokibi and Ragnarok ransomware payloads.

The DoppelPaymer ransomware gang also exploited the same bug in February to breach the network of Bretagne Télécom, a privately held French cloud hosting and enterprise telecommunications company.

Since then, CVE-2019-19781 has been included by the FBI on its list of the most targeted vulnerabilities of the last two years and by the NSA among the top five vulnerabilities actively abused by Russian state-sponsored hackers.

Government advisories mentioning CVE-2019-19781 include: Mitigate CVE-2019-19781, APT29 targets COVID-19 vaccine development, and Detect and Prevent Web Shell Malware.
