On Thursday, the NSA reported that Russian intelligence is exploiting 5 particular vulnerabilities against US and western targets. The stepping-up in cyber attacks may be affiliated with recent actions by the American and German governments against recent Russian military build-up on the Ukrainian border. In fact, Russia has a history of launching cyber operations in tandem with conventional military actions (check out this article we wrote on the topic – it's been a while, but the base concepts remain). With the recent US sanctions, we can probably expect Russian cyber attacks to increase in the coming weeks.
The software vulnerabilities in question were all previously exploited, and you can look at previous CYR3CON blogs and see our earlier articles and videos on them. The vulnerabilities in question are:
In today’s video, we go over all five – what intelligence was available prior to the NSA’s warning, and also look at some other recent threat intelligence has been reported. For example, several Russian sources wrote of the Cring ransomware gang using exploits for CVE-2018-13379 in early April. Check out today’s video blog for a complete summary.
NSA Tweet on the 5 vulnerabilities currently being exploited by Russian intelligence
Summary of CYR3CON information on the 5 vulnerabilities. Note that the platform has been predicting/tracking all vulnerabilities not only in advance of the NSA’s advisory, but prior to initial exploitation as well.
Example intelligence on CVE-2018-13379. Note the April reporting on ransomware targeting of manufacturing.
Vulnerability management requires accurate prediction. Get this level of intelligence on the vulnerabilities that impact your business. Add PR1ORITY to your processes and reduce risk today.