Nozomi Networks OT/IoT Security Report
Nozomi Networks has released their semi-annual OT/IoT Security Report, covering the threat and vulnerability landscape for the first half of 2022. In this report, they break down the threat landscape, including:
- A review of the current state of OT/IoT cybersecurity
- Trends in the threat landscape (plus timeline), and solutions for addressing them
- A recap of the Russia/Ukraine crisis, highlighting new malicious tools and malware introduced, as well as how this conflict can give insights into attacker capabilities
- Insights into Internet of Things (IoT) botnets, corresponding Indicators of Compromise (IoCs) and threat actor Tactics Techniques and Procedures (TTPs)
- Key threat mitigations and a forecast of what to expect for the rest of 2022
This report arms security professionals with the latest insights needed to re-evaluate risk models and security initiatives, along with actionable recommendations for securing organization’s networks.
Are you interested in reading the report? The executive summary can be read here: OT/IoT Security Report. Cyber War Insights, Threats and Trends, Recommendations (nozominetworks.com) In case you are interested in the whole 28-page OT/IT security report, the report has to be downloaded here: New OT/IoT Security Report (nozominetworks.com)
Data exfiltration via bookmark syncing
Bookmark synchronization has become a standard feature in modern browsers: It gives Internet users a way to ensure that the changes they make to bookmarks on a single device take effect simultaneously across all their devices. However, it turns out that this same helpful browser functionality also gives cybercriminals a handy attack path. Bookmarks can be abused to siphon out reams of stolen data from an enterprise environment, or to sneak in attack tools and malicious payloads, with little risk of being detected. This discovery was made within research into how attackers can abuse browser functionality to smuggle data out from a compromised environment and carry out other malicious functionality. In a recent Paper, David Prefer, an academic researcher at the SANS Technology Institute, described the process as „bruggling“ — a portmanteau of browser and smuggling. It’s a novel data exfiltration vector that he demonstrated with a proof-of-concept (PoC) PowerShell script called „Brugglemark“ that he developed for the purpose.
The entire insight on bruggling can be read in this article: Chromium Browsers Allow Data Exfiltration via Bookmark Syncing (darkreading.com)
Malware campaign in thousands of GitHub repos
To distribute the malware, genuine open-source projects are forged as copies. The malware code is submitted and distributed via seemingly harmless pull requests. Lacy recommends a review of the code cloned from GitHub and that maintainers use GPG signatures for code in their project. According to GitHub, their security team has already begun removing the code from the platform.
Interested in more information? Here two of our trusted sources:
- 35,000 code repos not hacked—but clones flood GitHub to serve malware (bleepingcomputer.com)
- Gut getarnte Malware-Kampagne in Tausenden Github Repos (golem.de)
Patch priority index July 2022
First on the patch priority list by Tripwire are patches that resolve two vulnerabilities in Edge. Next is a patch that resolves a security feature bypass vulnerability in Office. A summary of the patches and corresponding vulnerabilities is published here: Tripwire Patch Priority Index for July 2022 (tripwire.com).
Is cybersecurity a topic of interest for your company? As an independent entity with a portfolio of proven security providers, CyberCompare can provide you with comparative offers at no charge and with no obligation. Reach out to us or use our diagnostic to learn more about your cyber risk profile.
Please remember: this article is based our knowledge at the time it was written – but we learn more every day. Do you think important points are missing or do you see the topic from a different perspective? We would be happy to discuss current developments in greater detail with you and your company’s other experts and welcome your feedback and thoughts.
And one more thing: the fact that an article mentions (or does not mention) a provider does not represent a recommendation from CyberCompare. Recommendations always depend on the customer’s individual situation.