#NSBCS.048 - The Best Defence is a Good Offence: Strengthening Security with OffSec and Ethical Hacking

Source: NSB Cyber

Ethical hacking, also known as penetration testing, provides numerous benefits to organisations striving to protect their digital assets in an era marked by increased cyber threats. By simulating attacks on systems and networks, ethical hackers help identify vulnerabilities before malicious actors can exploit them. This proactive approach to cybersecurity is essential for safeguarding sensitive data and ensuring the integrity of organisational operations.

One of the primary benefits of ethical hacking is its ability to uncover existing vulnerabilities in a client's IT environment and enterprise applications. Traditional security measures, whilst important, may not always detect complex weaknesses. Ethical hackers utilise advanced techniques and tools to mimic real-world attack scenarios, enabling them to identify flaws that may otherwise go unnoticed. This thorough examination helps organisations patch vulnerabilities, thereby reducing the risk of successful cyberattacks.

Moreover, ethical hacking can lead to cost savings in the long run. While hiring ethical hackers may seem like an additional expense, the cost of a data breach can far exceed these initial investments. Breaches can result in significant financial losses due to regulatory fines, legal fees, and reputational damage. By investing in ethical hacking, organisations can mitigate these risks and avoid the associated costs of recovering from a cyber incident.

Here’s a quick breakdown of some of the key types of ethical hacking, each tailored to uncover specific weaknesses in an organisation’s security setup:

  • Network Penetration Testing: This involves probing a company's internal and external network infrastructures to identify potential vulnerabilities. It tests firewalls, routers, and other network devices that could be exploited by attackers.

  • Web Application Penetration Testing: Ethical hackers assess the security of web applications, looking for issues like SQL injection, cross-site scripting (XSS), and other vulnerabilities that can compromise user data and application integrity.

  • Wireless Penetration Testing: This targets wireless networks, assessing the encryption protocols, access points, and security measures in place to prevent unauthorised access or eavesdropping.

  • Social Engineering: In this scenario, ethical hackers test the human element of security by attempting to trick employees into revealing confidential information, clicking on malicious links, or bypassing security protocols through phishing attacks or impersonation.

At NSB Cyber, our offensive security services focus on uncovering vulnerabilities through ethical hacking, offering a proactive way to secure your organisation’s systems. We simulate real-world attacks to identify weaknesses that may not be caught by traditional security measures, such as complex vulnerabilities in networks, applications, and infrastructure. This approach helps us identify issues that malicious actors could exploit, giving you the opportunity to address them before they pose a serious threat. Whether it’s network penetration testing, web application assessments, or targeted phishing simulations, our aim is to provide a comprehensive view of your organisation's security posture and take #NoStepsBackwards.


What we read this week

  • Fortinet Warns of New Critical FortiManager Flaw Used in Zero-day Attacks - Fortinet disclosed a critical vulnerability (CVE-2024-47575) in FortiManager that has been exploited in zero-day attacks. The flaw allows remote attackers to execute arbitrary code, leading to the theft of sensitive files containing configurations, IP addresses, and credentials. Fortinet developed the "FortiGate to FortiManager Protocol" (FGFM) to simplify the process for companies to deploy FortiGate firewall devices. This protocol allows the devices to automatically register with a remote FortiManager server, enabling centralised management from a single location. The flaw impacts several versions, and Fortinet recommends mitigation steps, such as updating firmware and creating custom certificates, while urging users to apply security patches promptly.

  • NotLockBit Ransomware Can Target macOS Devices - A new ransomware strain called NotLockBit has been discovered targeting macOS devices, mimicking the well-known LockBit ransomware. Written in Go, this malware affects both macOS and Windows systems, using double extortion tactics such as encrypting files and stealing data. It uses RSA encryption to make decryption impossible without the attacker's private key, and exfiltrates data to an attacker-controlled Amazon S3 bucket using hardcoded credentials. NotLockBit appears to be in active development, though no victims have been reported yet.

  • Fake Google Meet Conference Errors Push Infostealing Malware - A new campaign is distributing infostealing malware by using fake Google Meet conference error pages. The attackers, identified as part of the ClickFix campaign, lure victims with phishing emails that mimic Google Meet invitations. When victims click on the links, they are shown fake error messages and prompted to run malicious PowerShell commands, infecting their devices. The malware being deployed targets both Windows and macOS systems. This campaign primarily delivers malware like Stealc, Rhadamanthys, and AMOS Stealer to compromise systems and steal sensitive information.

  • Lazarus Group Exploits Chrome Zero-Day in Latest Campaign - The Lazarus Group, a North Korean state-backed threat actor, has been exploiting a critical Chrome zero-day vulnerability in recent cyberattacks. Kaspersky researchers observed that a second Chrome vulnerability exploited by the group lacked a formal identifier; it allowed attackers to bypass Chrome's V8 sandbox and gain full control over the system. Once inside, the attackers deployed shellcode to gather intelligence on the compromised system and determine whether to drop further malware, including a backdoor called Manuscrypt. The campaign stood out due to the extensive social engineering efforts by Lazarus Group, which crafted fake promotional activities to build trust. They used multiple fake accounts and AI-generated content on platforms like X (formerly Twitter) and LinkedIn, even engaging with cryptocurrency influencers to further the campaign and target their crypto accounts.

  • Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks - Cybercriminals are exploiting exposed Docker API servers to deploy SRBMiner, a cryptocurrency mining malware. The attackers use the gRPC protocol over the HTTP/2 cleartext (h2c) upgrade to bypass security and gain control over Docker environments. Once inside, they create containers to mine cryptocurrency using the SRBMiner payload hosted on GitHub. This attack also involves a base64-encoded payload that masquerades as a PHP file to deliver further malicious components. Organisations are advised to secure Docker API endpoints with strong access controls.
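The last item above closes with advice to secure Docker API endpoints with strong access controls. As an added illustration, not NSB Cyber's code and not taken from any of the reports summarised here, the Python below contrasts a constructed daemon.json that exposes the Engine API on cleartext TCP with one that requires mutual TLS, and audits a config for that exposure. The keys it reads (hosts, tls, tlsverify, tlscacert, tlscert, tlskey) are the Docker Engine's real daemon.json settings; the certificate paths and the audit function itself are assumptions made for the example.

```python
"""Audit a Docker daemon.json for an API endpoint exposed without client auth.

Added example, not NSB Cyber's code. The two configs are constructed samples;
the keys they use (hosts, tls, tlsverify, tlscacert, tlscert, tlskey) are the
Docker Engine's real daemon.json settings, the certificate paths are assumed.
"""
import json
from urllib.parse import urlsplit

# Constructed weak config: the Engine API on cleartext TCP, no authentication.
# Anyone who can reach port 2375 can create containers as root on the host.
WEAK_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
})

# Constructed hardened config: TCP listener only with mutual TLS. "tlsverify"
# makes the daemon require a client certificate signed by the CA in "tlscacert".
HARDENED_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",         # assumed path
    "tlscert": "/etc/docker/server-cert.pem",  # assumed path
    "tlskey": "/etc/docker/server-key.pem",    # assumed path
})


def audit_daemon_config(raw_json: str) -> list[str]:
    """Return a finding for every TCP listener not protected by tlsverify.

    An empty list means the config exposes no unauthenticated API endpoint.
    """
    cfg = json.loads(raw_json)
    findings: list[str] = []
    tls_verify = bool(cfg.get("tlsverify", False))
    # "tls" alone encrypts the connection but does not check who connects.
    tls_only = bool(cfg.get("tls", False)) and not tls_verify

    for host in cfg.get("hosts", []):
        if urlsplit(host).scheme != "tcp":
            # unix:// and fd:// sockets are local; filesystem permissions govern them.
            continue
        if tls_only:
            findings.append(f"{host}: tls encrypts the connection but without tlsverify any client is accepted")
        elif not tls_verify:
            findings.append(f"{host}: cleartext TCP API listener with no client authentication")
        else:
            for key in ("tlscacert", "tlscert", "tlskey"):
                if key not in cfg:
                    findings.append(f"{host}: tlsverify is set but {key} is missing")
    return findings


def load_and_audit(path: str) -> list[str]:
    """Convenience wrapper for a real host: audit the daemon.json at `path`."""
    with open(path, encoding="utf-8") as fh:
        return audit_daemon_config(fh.read())


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_DAEMON_JSON), ("hardened", HARDENED_DAEMON_JSON)):
        print(label, audit_daemon_config(cfg) or ["no exposed API endpoint"])
```

Pointed at /etc/docker/daemon.json on a host via load_and_audit, an empty result means no TCP listener accepts connections without a client certificate. Whether port 2376 should be reachable from the network at all is a firewall question the file cannot answer, so the check complements rather than replaces network-level access control.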

