Ukraine Cyber Attack | Red Cross Breach Update | Half of All Sites Exposed

February 21st

Article by Christopher Lauder, Delegate Relationship Executive, Rela8 Group


Ukraine Cyber Attack

To kick us off this week, we return to Ukraine who, for a plethora of reasons, have featured heavily in the news for the past few weeks and likely will for the foreseeable future. For now, let’s focus on how Ukraine last week experienced what they are calling the largest cyber attack in the country’s history.

Last Wednesday, the websites of Ukraine’s defence ministry, army, and the two largest Ukrainian banks were hit by attacks which according to a top Ukrainian cybersecurity official “bore traces of foreign intelligence services”. Ukraine’s Minister of Digital Transformation also commented, saying that:

“Vectors of attacks were organised from different countries [...] It is clear that it was prepared in advance, and the key goal of this attack is to destabilise, to sow panic, to do everything to create a certain chaos in the actions of Ukrainians in our country”.

Last Friday, a top cyber official in the United States said that the US has evidence that the massive denial-of-service and SMS spam campaign originated in Russia.

The Deputy National Security Advisor for Cyber, Anne Neuberger, said:

“We believe that the Russian government is responsible for widescale cyber attacks on Ukrainian banks this week.”

She cited a high volume of traffic from Russia’s GRU, its military intelligence service, to Ukrainian IP addresses and domains as evidence for an informal attribution.

With the ongoing situation in Ukraine continuing to develop, it’s likely that the country could experience further attacks over the coming weeks.

Source - Ukraine Cyber Attack - New York Times

Source - Ukraine Cyber Attack - Guardian

Source - Ukraine Cyber Attack - Reuters

Source - Ukraine Cyber Attack - SC Magazine


Red Cross Breach Update

A few weeks ago we discussed how the International Committee of the Red Cross had experienced a cyber attack. A month has passed since they found that servers hosting the personal data of over 515,000 people worldwide were hacked.

Investigations have been ongoing, but the Red Cross has released some of their findings so far. Most notably, the incident has been tied to an authentication bypass vulnerability in Zoho ManageEngine ADSelfService Plus – a self-service password management and single sign-on solution.

The vulnerability was spotlighted by several companies last year, including Microsoft, Palo Alto Networks, and Rapid7. The US Cybersecurity and Infrastructure Security Agency (CISA) and the German Federal Office for the Protection of the Constitution (BfV) released warnings that groups were exploiting this issue as early as last September.

In a statement last week, the Red Cross admitted that they failed to apply the patch for the vulnerability before they were initially attacked on November 9th.

Though the attack has not been attributed to anyone, they reiterated that they are still willing to communicate with the hackers to protect the personal information of those affected and prevent it from being distributed.

Source - Red Cross Update - ICRC

Source - Red Cross Update - ZDNet

Source - Red Cross Update - SC Magazine


Half of All Sites Exposed

Finally, in the newest edition of the NTT Application Security AppSec Stats Flash report, they look back at 2021. There is however one area of this report that I wanted to focus on.

The researchers found that 50% of all websites they tested were vulnerable to at least one serious exploitable vulnerability throughout the entirety of last year, while only 27% of sites tested were vulnerable for less than 30 days. Let’s break this down by industry:

  • Utilities: Some 63% of utilities websites were vulnerable to at least one exploitable vulnerability throughout 2021, up 8% from the year before.
  • Education: The sector had the longest Time-to-Fix a critical vulnerability across all industries — 523.5 days — nearly 335 days more than public administration (188.6 days), which maintained the shortest timeframe throughout 2021.
  • Finance and Insurance: At 43% these business sectors had the lowest percentage of sites perpetually exposed.

Commenting on these figures, Mark Lambert, Vice President of Products at ArmorCode said that: 

“AppSec teams are outnumbered 100:1. Development and security teams are siloed and disconnected, resulting in frustration and finger-pointing. So, releases go out the door fast and furious with known vulnerabilities — and when new vulnerabilities are identified, teams have to scramble to respond.”

David Stewart, CEO of Approov, said: 

“Security vulnerabilities will always exist in software and although it’s right to assign time and resources to fixing them, we’ll never reach a point in which the industry releases vulnerability-free software”.

A link to the full AppSec Stats Flash report has been included below.

Source - Half of All Sites Tested Vulnerable - SC Magazine

Source - Security AppSec Stats Flash Report
