Top Cybersecurity Threats of 2024: Nation-State Actors and Malicious Hackers Exposed
1. Fortinet Flaw Zero-Dayed by Nation-State Actors
Fortinet warned in October 2024 about a critical (CVSS 9.8/10) remote code execution (RCE) vulnerability, tracked as CVE-2024-47575, in its FortiManager platform. The flaw, which was being actively exploited, allows attackers to exfiltrate sensitive data such as IP addresses, credentials, and configurations. No malware or backdoors were found on affected systems, but the activity is linked to nation-state actors, specifically the China-backed group Volt Typhoon, which has used similar Fortinet vulnerabilities for cyber espionage.
The vulnerability was exploited in the wild, and its critical CVSS score reflects the high risk it poses. The attack vector is the RCE flaw itself: it lets an attacker remotely execute arbitrary code on the affected FortiManager system and, from there, access and exfiltrate sensitive data.
2. Check Point Bug Enabled Iranian Hacks
In August, CISA issued a warning about a critical flaw (CVE-2024-24919) in Check Point's security gateway software. The vulnerability, which carries a high CVSS score (8.6/10), is an information disclosure weakness in the company's security products that Iranian hacker groups, including Pioneer Kitten and Peach Sandstorm, have exploited.
The vulnerability was actively exploited in the wild, allowing attackers to access sensitive data on gateways with the VPN and Mobile Access blades enabled. Its exploitation underscores the importance of timely patching and of robust security controls to prevent such attacks.
3. Ivanti Connect Secure Flaws Abused by Chinese Actors
In December 2023, researchers uncovered two chained zero-day vulnerabilities, CVE-2023-46805 and CVE-2024-21887, in Ivanti's Connect Secure and Policy Secure gateways. Chinese state-sponsored actors exploited the chain to gain unauthenticated remote code execution, which let them steal configurations, alter files, and set up reverse tunnels from compromised VPN appliances.
The campaign targeted critical sectors such as healthcare and manufacturing, with attackers using lateral movement and persistence techniques to reach intellectual property and other sensitive data. The exploitation of these flaws highlights the risks of unpatched enterprise software; Ivanti scrambled to release mitigations while working on patches.
Conclusion
The threats described above demonstrate the evolving nature of cyber attacks, with nation-state actors and malicious hackers continually developing new techniques to exploit vulnerabilities. Organizations must prioritize security, keep their software up to date, and implement robust measures to prevent such attacks. Timely patching, regular vulnerability assessments, and advanced threat detection are essential in defending against these threats.
FAQs
Q: What is the CVSS score for the Fortinet vulnerability?
A: The CVSS score for the Fortinet vulnerability is 9.8/10, indicating a high risk of exploitation.
Q: Which Iranian hacker groups were involved in exploiting the Check Point bug?
A: The Iranian hacker groups involved in exploiting the Check Point bug are Pioneer Kitten and Peach Sandstorm.
Q: What sectors were targeted by the Ivanti Connect flaws?
A: The Ivanti Connect flaws targeted critical sectors like healthcare and manufacturing.
Q: What were the consequences of the Ivanti Connect flaws?
A: The flaws allowed attackers to steal configurations, alter files, and set up reverse tunnels from compromised VPN appliances, enabling them to access intellectual property and sensitive data.