During the last quarter of 2019, the ClearSky research team uncovered a widespread Iranian offensive campaign called “Fox Kitten Campaign”; this campaign has been conducted over the last three years against dozens of companies and organizations in Israel and around the world.
Through the campaign, the attackers succeeded in gaining access and a persistent foothold in the networks of numerous companies and organizations from the IT, Telecommunication, Oil and Gas, Aviation, Government, and Security sectors around the world.
Several VPN products have had vulnerabilities disclosed in recent months, so it's not surprising that state-backed groups are looking to leverage their window of opportunity, knowing all too well that patching vulnerable systems can take organisations a long time.
There is a certain irony here: organisations that deploy VPNs for security could be breached because of those very security products.
It's important for organisations to remember that security products themselves are software. Like all other forms of software, they can, and do, have flaws and vulnerabilities. Because many security products run at higher privileges, any compromise could give a criminal the keys to the kingdom. It would therefore be prudent for organisations to identify security software in their asset inventories and ensure it is patched as a matter of urgency.
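The inventory check described above, as an added example that is not part of the original article: it cross-references a CSV asset export against a "fixed in" table for security products (VPN gateways, firewalls) and ranks the unpatched ones so security-role appliances come first. The vendor, product, hostnames, versions and advisory identifiers are all constructed placeholders, not real advisories.

```python
import csv
import io

# Constructed asset inventory export. Every hostname, vendor, product and
# version here is hypothetical sample data.
INVENTORY_CSV = """hostname,vendor,product,version,role
vpn-edge-01,ExampleVendor,SSL-VPN Gateway,8.2.1,security
vpn-edge-02,ExampleVendor,SSL-VPN Gateway,8.3.0,security
fw-core-01,ExampleVendor,NextGen Firewall,6.1.4,security
web-01,ExampleVendor,HTTP Server,2.4.41,application
"""

# Constructed "first fixed version" table keyed by (vendor, product).
# The advisory identifiers are placeholders, not real advisory numbers.
FIXED_IN = {
    ("ExampleVendor", "SSL-VPN Gateway"): ("8.3.0", "ADVISORY-PLACEHOLDER-1"),
    ("ExampleVendor", "NextGen Firewall"): ("6.2.0", "ADVISORY-PLACEHOLDER-2"),
}


def parse_version(text, width=4):
    """Turn '8.2.1' into a zero-padded tuple so versions of unequal length
    compare correctly (e.g. '8.3' equals '8.3.0')."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (width - len(parts)))


def load_inventory(csv_text):
    """Read the CSV export into a list of dicts, one per asset."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def find_unpatched(inventory, fixed_in):
    """Return assets whose installed version predates the fixed version."""
    findings = []
    for asset in inventory:
        key = (asset["vendor"], asset["product"])
        if key not in fixed_in:
            continue  # no known advisory for this product
        fixed_version, advisory = fixed_in[key]
        if parse_version(asset["version"]) < parse_version(fixed_version):
            findings.append({
                "hostname": asset["hostname"],
                "product": asset["product"],
                "installed": asset["version"],
                "fixed_in": fixed_version,
                "advisory": advisory,
                "role": asset["role"],
            })
    return findings


def prioritise(findings):
    """Security products run with high privilege, so patch them first;
    within a tier, order by hostname for a stable report."""
    return sorted(findings,
                  key=lambda f: (0 if f["role"] == "security" else 1,
                                 f["hostname"]))


def patch_report(csv_text=INVENTORY_CSV, fixed_in=FIXED_IN):
    return prioritise(find_unpatched(load_inventory(csv_text), fixed_in))


if __name__ == "__main__":
    for f in patch_report():
        print(f"{f['hostname']}: {f['product']} {f['installed']} "
              f"< {f['fixed_in']} ({f['advisory']}) [{f['role']}]")
```

In practice the "fixed in" table would be fed from vendor advisories and the CSV from the CMDB; the point is that the join between the two is what turns a disclosure into a concrete patch list.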
Sophisticated hackers, and especially nation states, are going to be the first to use newly disclosed vulnerabilities across operating systems, networking and other areas of corporate and critical infrastructure. That is why Microsoft and other security leaders are urging enterprises to separate their critical and most sensitive infrastructure components from their regular day-to-day infrastructure, using both Privileged Access Workstations and network segmentation, so that if one part of your infrastructure is compromised, the most critical areas remain intact.
Although the recent uptick in global tensions has elevated the perception of risk for many organizations, many have not implemented proper solutions to monitor and visualize their network traffic. At this point, everyone should constantly operate under the assumption that they are already compromised. There is a never-ending stream of new vulnerabilities, and every organization, every day, has vulnerable devices connected to the business. Network traffic analysis (NTA) is a must-have technology at this point, scrutinizing every conversation and running algorithms to uncover bad actors who have gained a foothold and are operating under stealth. Once a hacker gains a foothold, they will look to escalate their privileges through lateral movement. Traditional security tools that sit at the perimeter cannot see this lateral movement. NTA, on the other hand, is deployed within the network and is purpose-built to monitor all traffic (including east/west traffic) to identify, notify, and remediate the risk.
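A minimal illustration of the east/west analysis the paragraph above describes, added here as an example and not taken from the article or from any NTA product: it filters flow records down to internal-to-internal traffic on remote-administration ports and flags a source that fans out to many distinct internal hosts within a short window, which is the kind of pattern a perimeter tool never sees. The address ranges, port list, thresholds and flow records are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed internal address space (hypothetical for this example).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
# Ports used for remote administration; treated as "admin" ports here.
ADMIN_PORTS = {22, 445, 3389, 5985}

# Constructed flow records: (timestamp, src, dst, dst_port, bytes).
FLOWS = [
    # one workstation touching eight file-sharing endpoints in three minutes
    ("2020-02-01T09:00:00", "10.0.5.20", "10.0.1.1", 445, 1200),
    ("2020-02-01T09:00:12", "10.0.5.20", "10.0.1.2", 445, 1100),
    ("2020-02-01T09:00:30", "10.0.5.20", "10.0.1.3", 445, 1150),
    ("2020-02-01T09:01:00", "10.0.5.20", "10.0.1.4", 445, 1180),
    ("2020-02-01T09:01:30", "10.0.5.20", "10.0.1.5", 445, 1210),
    ("2020-02-01T09:02:00", "10.0.5.20", "10.0.1.6", 445, 1190),
    ("2020-02-01T09:02:30", "10.0.5.20", "10.0.1.7", 445, 1170),
    ("2020-02-01T09:03:00", "10.0.5.20", "10.0.1.8", 445, 1160),
    # ordinary single file-share session and a north/south web session
    ("2020-02-01T09:05:00", "10.0.5.30", "10.0.1.50", 445, 80000),
    ("2020-02-01T09:06:00", "10.0.5.30", "203.0.113.5", 443, 5000),
    # a jump host reaching three servers over SSH: below threshold
    ("2020-02-01T09:10:00", "10.0.9.9", "10.0.1.10", 22, 3000),
    ("2020-02-01T09:11:00", "10.0.9.9", "10.0.1.11", 22, 3000),
    ("2020-02-01T09:12:00", "10.0.9.9", "10.0.1.12", 22, 3000),
]


def parse_flows(raw):
    """Convert tuples into dicts with a datetime timestamp."""
    return [{"ts": datetime.fromisoformat(ts), "src": s, "dst": d,
             "port": p, "bytes": b} for ts, s, d, p, b in raw]


def is_internal(ip):
    return any(ipaddress.ip_address(ip) in net for net in INTERNAL_NETS)


def east_west_admin_flows(flows):
    """Keep only internal-to-internal flows on admin ports; north/south
    traffic is what the perimeter already watches."""
    return [f for f in flows
            if is_internal(f["src"]) and is_internal(f["dst"])
            and f["port"] in ADMIN_PORTS]


def detect_fanout(flows, window=timedelta(minutes=10), threshold=5):
    """Alert when one internal source reaches >= threshold distinct internal
    hosts on admin ports inside any sliding window of the given length."""
    by_src = defaultdict(list)
    for f in east_west_admin_flows(flows):
        by_src[f["src"]].append(f)

    alerts = []
    for src, events in by_src.items():
        events.sort(key=lambda e: e["ts"])
        best = None
        for i, start in enumerate(events):
            targets, ports = set(), set()
            for e in events[i:]:
                if e["ts"] - start["ts"] > window:
                    break
                targets.add(e["dst"])
                ports.add(e["port"])
            if len(targets) >= threshold and (
                    best is None or len(targets) > best["distinct_targets"]):
                best = {"src": src, "distinct_targets": len(targets),
                        "ports": sorted(ports),
                        "window_start": start["ts"].isoformat()}
        if best:
            alerts.append(best)
    return alerts


if __name__ == "__main__":
    for a in detect_fanout(parse_flows(FLOWS)):
        print(f"fan-out from {a['src']}: {a['distinct_targets']} hosts "
              f"on ports {a['ports']} starting {a['window_start']}")
```

The threshold and window are deliberately tunable: a real deployment would baseline per-host behaviour so that jump hosts and vulnerability scanners are whitelisted rather than hard-coded, and would join the alert to the source's normal role before paging anyone.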