Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On June 17, 2024, VMware disclosed two critical vulnerabilities (CVE-2024-37079 & CVE-2024-37080) affecting vCenter Server and Cloud Foundation. These vulnerabilities stem from a heap-overflow issue in the implementation of the DCERPC protocol which can be exploited by remote threat actors. By sending specially crafted network packets, threat actors could exploit CVE-2024-37079 and CVE-2024-37080 to achieve Remote Code Execution (RCE) on both vCenter Server and Cloud Foundation systems.

On June 19, 2024, CDK Global notified customers that a cyber incident had led to a shutdown of its systems, significantly impacting car dealerships across the United States. CDK Global serves nearly 15,000 dealership locations, and the incident caused substantial disruption, forcing car dealerships to halt operations and revert to manual processes. Dealerships were initially notified about the incident around 2AM Eastern time on June 19, 2024, with an update at 8AM confirming the incident.

In 2023, the FBI’s Internet Crime Complaint Center (IC3) received 21,489 BEC complaints with adjusted losses over $2.9 billion USD, according to their 2023 Internet Crime Report. By way of comparison, ransomware, the cyber attack that grabs all the headlines and keeps IT and security teams up at night, accounted for only 2,825 complaints, with adjusted losses of less than $60 million USD.

Since April 2024, Arctic Wolf has been tracking an ongoing campaign by Black Basta ransomware group affiliates leveraging Microsoft’s Quick Assist for initial access. The Black Basta affiliates have been conducting vishing (voice phishing) attacks by impersonating IT or help desk personnel, claiming they need to fix an issue on the victim’s device. In other instances, the threat actors leverage an email bomb attack to flood the victim’s mailbox with emails from subscription services.

Cybersecurity compliance is complicated. As industry standards change and evolve with new technology, so do compliance requirements. Depending on your organization’s operations, industry, or even location, compliance could mean adhering to multiple frameworks and reporting to multiple governing bodies. In fact, 67% of organizations surveyed by Arctic Wolf follow between one to three sets of guidelines.

While often considered a newer threat, and rightly so given its fast-rising dominance among the cybercrime landscape, ransomware is not a recent innovation in the ongoing cyber war. It stretches back decades to the early days of the internet, email, and even floppy discs.

On May 2, 2024, Arctic Wolf Labs began monitoring deployment of a new ransomware variant referred to as Fog. The ransomware activity was observed in several Arctic Wolf Incident Response cases, each exhibiting similar elements. All victim organizations were located in the United States, 80% of which were in the education sector and 20% in the recreation sector. We are sharing details of this emerging variant to help organizations defend against this threat.

On May 31st, 2024, a Proof of Concept (PoC) exploit and technical analysis were published for a pre-authentication Remote Code Execution (RCE) exploit chain impacting Telerik Report Server, a product by Progress designed for streamlined report management within organizations.

Where there is money, there are cybercriminals trying to take it. This is especially true for credit unions, which deal with both financial information and the personal identifying information (PII) of every member and connected institution. They are a digital vault of data and dollars and threat actors are all too ready to crack the safe.

On May 27, 2024, Check Point released hot fixes for an information disclosure vulnerability being leveraged by threat actors to target Check Point VPNs. This vulnerability was labeled as CVE-2024-24919 and is rated as high severity, as a remote threat actor can exploit the vulnerability to access information on Gateways connected to the Internet, with IPSec VPN, Remote Access VPN or Mobile Access enabled.