The Week in Security: CISA alerts on open source tool, SBOMs are just the first step – Security Boulevard

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond. This week: APT groups targeted a defense industrial base sector organization, why SBOMs are a great first step, and more.

A new U.S. Cybersecurity and Infrastructure Security Agency (CISA) Alert (AA22-277A) reports that advanced persistent threat (APT) activity was found on the enterprise network of a U.S. Defense Industrial Base (DIB) sector organization. The known activity took place from November 2021 to January 2022 and was tracked by CISA with the help of a trusted third-party organization. CISA asserts that multiple APT groups gained access to this network, some of them retaining access for a long period of time. The Alert also reports that these actors used an open-source toolkit called Impacket to expand their foothold in the network and compromise it further.

CISA and the trusted third party conducted an incident response engagement. It found that certain APT groups gained access to the organization's Microsoft Exchange Server in early 2021; however, the responders have not determined how these groups gained initial access to the network. Once inside, the APT groups used a compromised administrator account to access the organization's Exchange Web Services (EWS) Application Programming Interface (API) on two occasions, while connected to a VPN.

After accessing the EWS API, the threat actors used the Windows Command Shell over a three-day period to interact with the organization's network, including collecting sensitive data. During this same period the APT groups used Impacket to move laterally across systems. The Alert describes Impacket as a Python toolkit for programmatically constructing and manipulating network protocols, which the actors used to execute commands on other systems in the network.
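Because Impacket's remote-execution scripts are used by administrators and penetration testers as well as intruders, the practical question for a defender is how to spot them in process-creation telemetry. The following is an added example, not code from the CISA Alert or from ReversingLabs: it scans constructed process-creation events (field names chosen to resemble a Sysmon Event ID 1 export; they are not real incident data) for the default command-line templates of Impacket's wmiexec.py (output redirected to `\\127.0.0.1\ADMIN$\__<timestamp>`) and smbexec.py (output redirected to `\\127.0.0.1\C$\__output` through `execute.bat`), and corroborates each match with the parent process those tools normally produce. The rule labels, confidence levels and host names are this example's own choices.

```python
import re
from typing import Optional

# Constructed process-creation events; they imitate the fields of a Sysmon
# Event ID 1 export and are NOT taken from the CISA alert or any real incident.
SAMPLE_EVENTS = [
    {"host": "WS01",
     "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "cmdline": r"cmd.exe /Q /c whoami 1> \\127.0.0.1\ADMIN$\__1665072311.42 2>&1"},
    {"host": "FS02",
     "parent": r"C:\Windows\System32\services.exe",
     "cmdline": (r"C:\Windows\system32\cmd.exe /Q /c echo dir C:\Users ^> \\127.0.0.1\C$\__output 2^>^&1 "
                 r"> %TEMP%\execute.bat & C:\Windows\system32\cmd.exe /Q /c %TEMP%\execute.bat "
                 r"& del %TEMP%\execute.bat")},
    {"host": "WS03",
     "parent": r"C:\Windows\explorer.exe",
     "cmdline": r"cmd.exe /c dir 1> C:\temp\out.txt 2>&1"},
]

# Each rule: (label, regex over the command line, expected parent image basename).
# The regexes encode Impacket's *default* command templates. An operator who
# changes the share, output file name or batch file name (all of which are
# trivial to edit) will not match, so these are high-precision, low-recall
# signals and should be paired with broader hunting (e.g. unusual admin-share
# access, new services, WMI activity from non-admin workstations).
RULES = [
    ("impacket-wmiexec",
     re.compile(r"\\\\127\.0\.0\.1\\ADMIN\$\\__\d+(?:\.\d+)?", re.IGNORECASE),
     "wmiprvse.exe"),
    ("impacket-smbexec",
     re.compile(r"\\\\127\.0\.0\.1\\C\$\\__output|\\execute\.bat\b", re.IGNORECASE),
     "services.exe"),
]


def classify(event: dict) -> Optional[dict]:
    """Return a finding for one process-creation event, or None if no rule matches."""
    for label, pattern, expected_parent in RULES:
        if not pattern.search(event["cmdline"]):
            continue
        parent = event["parent"].rsplit("\\", 1)[-1].lower()
        # Parent-image corroboration: wmiexec.py runs its command under the WMI
        # provider host (WmiPrvSE.exe); smbexec.py runs it through a service that
        # the Service Control Manager (services.exe) starts. A command-line hit
        # with the expected parent is rated "high", otherwise "medium".
        confidence = "high" if parent == expected_parent else "medium"
        return {"host": event["host"], "rule": label, "confidence": confidence}
    return None


def scan(events) -> list:
    """Apply classify() to every event and keep only the hits."""
    return [finding for finding in (classify(e) for e in events) if finding is not None]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Run against the constructed events, the scan flags WS01 (wmiexec) and FS02 (smbexec) and ignores the ordinary redirected `dir` on WS03. Because both rules key on the loopback admin-share redirection, the same logic transfers to a SIEM query over the CommandLine field; the parent-process check is what keeps a false positive from a legitimately scripted `cmd.exe /Q /c` from being rated high.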

The responders assess that the APT groups were able to maintain access to the network until January 2022 by using legitimate login credentials.

CISA's Alert lists the tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with this incident. CISA, together with the FBI and NSA, advises all DIB sector and critical infrastructure organizations to apply the mitigations listed in the Alert in order to manage this cyber threat.

Here are the stories we're paying attention to this week:

A Bill of Materials is nothing new in the traditional Supply Chain Management (SCM) process, so it should be no surprise that the same concept makes perfect sense when applied to software.

The Egypt Financial Cybersecurity Framework combines the most common and well-respected frameworks into one unified source. Rather than attempting to cross-reference all the frameworks against each other, the Central Bank of Egypt (CBE) chooses the best practices from each, creating a new document for use in the financial sector.

The Federal Bureau of Investigation (FBI) and CISA have published a joint public service announcement. It assesses that malicious cyber activity aiming to compromise election infrastructure is unlikely to result in large-scale disruptions or to prevent voting.

Researchers have disclosed details about a now-patched high-severity security flaw in Packagist, a PHP software package repository, that could have been exploited to mount software supply chain attacks.

SaaS security provider Legit Security today announced the launch of Legitify, a new open-source security tool designed to help enterprises secure their GitHub implementations. The tool will enable security and DevOps teams to scan GitHub configurations at scale and ensure the integrity of their open-source software.

*** This is a Security Bloggers Network syndicated blog from ReversingLabs Blog authored by Carolynn van Arsdale. Read the original post at: https://blog.reversinglabs.com/blog/the-week-in-security-cisa-alerts-on-open-source-tool-sboms-are-just-the-first-step
