13 February 2024


Ivanti and Fortinet disclose critical vulnerabilities | Cyber Intelligence Briefing: 13 February


Top news stories this week

  1. A week to forget. Ivanti and Fortinet disclose critical vulnerabilities.
  2. Brush with destiny. Media outlets falsely report three million toothbrushes used in attack on Swiss company.
  3. Through the roof. Ransomware payments double to record-breaking USD 1.1 billion in 2023.
  4. I spy. Google warns of threat from commercial spyware amid crackdown by 35 governments. 
  5. Data danger. French healthcare companies and US ride share firm experience data breaches.
  6. Sting operation. US State Department offers USD 10 million reward for information on Hive ransomware group.   

1. Ivanti and Fortinet warn of critical vulnerabilities in products 

US IT firm Ivanti has disclosed five critical vulnerabilities impacting its VPN products Ivanti Connect Secure and Ivanti Policy Secure Gateway. Europol published a statement warning that four of these vulnerabilities are being actively exploited and advised organisations to follow the latest guidance.

Separately, US cyber security firm Fortinet disclosed one critical vulnerability impacting its FortiOS SSL VPN.

So what?

Organisations using the Ivanti and Fortinet products should follow the latest guidance and update vulnerable software immediately. 

[Researcher: Waithera Junghae] 


2. Media outlets falsely report three million toothbrushes used in DDoS attack

A Swiss media outlet’s article reporting that three million electric toothbrushes were used in a Distributed Denial of Service (DDoS) attack went viral last week. A correction provided by Fortinet indicated that the topic was meant to be a hypothetical illustration of potential future security threats and did not describe an actual incident.

So what?

Misinformation spreads rapidly in the age of digital media. It is good practice to reference multiple media sources to ensure the integrity of your information.

[Researcher: David Broome]


3. Ransomware payments double to record-breaking USD 1.1 billion in 2023

A report produced by blockchain analytics firm Chainalysis has revealed that more than USD 1.1 billion in ransom payments were made to ransomware groups in 2023. The record-breaking number is more than double the payments made in 2022.

So what?

Read S-RM’s article ‘Incident response in 2023 – a view from the data’ to learn more about last year’s record-breaking trends.

[Researcher: David Broome]

 

4. Government crackdown on commercial spyware while Google issues warning 

35 countries, including the UK, France, and the US, have joined major tech firms in signing an international agreement aimed at tackling commercial tools used to carry out cyber attacks. Israel, which is home to several commercial spyware firms, was absent from a diplomatic conference held on 6 February to launch the agreement. The US also announced it would restrict visas for individuals involved in the misuse of commercial spyware.

A Google report coinciding with the announcement found that commercial spyware vendors had developed half of all known zero-day exploits targeting the company and its Android devices.

So what?

Commercial spyware in the wrong hands is a threat to security and civil liberties.

[Researcher: Waithera Junghae]


5. French healthcare payment service providers and American ridesharing company fall victim to large-scale data breaches

French healthcare companies Viamedis and Almerys suffered data breaches, exposing the data of 33 million individuals. The compromised data included health insurance details and social security numbers. A successful phishing campaign is suspected to have been the cause of the breach.

Separately, HopSkipDrive, a US ridesharing company, also suffered a third-party data breach which impacted around 155,000 individuals.

So what?

Individuals impacted by data breaches face heightened risk of phishing attacks as well as other fraud schemes, and should consider identity theft monitoring. 

[Researcher: Amy Gregan]


6. USD 10 million reward for information on Hive ransomware group 

The US Department of State announced it would pay up to USD 10 million for information leading to the identification or location of senior members of the Hive ransomware group. It also offered up to USD 5 million for information leading to the arrest of individuals who carried out Hive ransomware attacks. Hive was a prolific ransomware group until the FBI took down its infrastructure in January last year.

So what?

Law enforcement has had some notable recent successes taking down threat actor-controlled infrastructure. However, catching the criminals responsible is a much more difficult task.

[Researcher: James Tytler]


The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.
