🔥 Critical Infrastructure Faces New Cyber Threats
Fines, leaks, and hacks—key cyber updates
In this week’s Neeve Newsletter, critical OT security guidance emerges, ICS vulnerabilities require urgent action, thousands of SonicWall devices remain exposed to ransomware risks, and a zero-day exploit targeting Fortinet FortiGate firewalls has been discovered.
This Week’s Cyber Insights
Be part of the conversation
Want to stay informed about Neeve’s latest partnerships and innovations?
Our LinkedIn is your go-to spot for fresh insights and updates.
Join the conversation!
Like, comment, and repost to stay at the forefront of cybersecurity innovation.
🛡️ NSA, CISA Issue Secure OT Guide
NSA and CISA, alongside international partners, released a Cybersecurity Information Sheet on secure OT product procurement.
The guidance highlights 12 critical security elements, including strong authentication, secure communications, and vulnerability handling.
Many OT products lack built-in security, making them prime targets for cyberattacks due to weak authentication and default credentials.
The document emphasizes a "secure by demand" approach, urging OT buyers to demand stronger cybersecurity measures from manufacturers.
Global partners, including agencies from Australia, Canada, the EU, and the UK, contributed to the guidance.
🤔 The Bigger Picture:
Operational technology environments are crucial to critical infrastructure, but they often lag behind IT systems in cybersecurity maturity. This guidance not only helps organizations strengthen their procurement process but also pressures manufacturers to adopt more secure-by-design principles. Companies adopting these best practices can better manage supply chain risks and reduce vulnerability exposure.
⚠️ CISA Issues Four ICS Advisories
CISA issued four ICS advisories highlighting vulnerabilities in Schneider Electric, Delta Electronics, and Rockwell Automation products.
Schneider Electric’s PowerChute and Harmony HMI products have exploitable flaws, including improper authentication and unmaintained third-party components.
Delta Electronics’ DRASimuCAD has multiple vulnerabilities, such as out-of-bounds write, leading to potential remote code execution.
Rockwell Automation’s Arena software is susceptible to arbitrary code execution due to use-after-free and other vulnerabilities.
Vendors have issued mitigation recommendations, including updates, firewalls, network segmentation, and secure remote access practices.
🤔 The Bigger Picture:
Industrial control systems are integral to critical infrastructure, and these vulnerabilities present a significant risk to sectors like manufacturing, energy, and water systems. Exploitation could lead to system compromise, operational disruption, or unauthorized control.
🔥 Zero-Day Campaign Targets Fortinet FortiGate Firewalls
Threat actors exploited FortiGate firewalls using a suspected zero-day vulnerability, allowing unauthorized admin access.
The campaign targeted devices running firmware versions 7.0.14 to 7.0.16, observed between November and December 2024.
Attack phases included vulnerability scanning, configuration changes, SSL VPN access creation, and credential extraction via DCSync.
Arctic Wolf urges organizations to immediately disable management-interface access from public networks, update firmware, and implement MFA.
Fortinet has issued patches for CVE-2023-37936, a critical flaw involving a hard-coded cryptographic key.
🤔 The Bigger Picture:
Fortinet firewalls are widely used by enterprises, making this campaign a significant security threat. Immediate action is needed to prevent exploitation by disabling public-facing management interfaces and ensuring devices are fully patched. Failure to act leaves organizations vulnerable to lateral movement, data breaches, and potential future attacks leveraging compromised credentials.
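The attack phases listed above (admin access via the management interface, configuration changes, SSL VPN access creation) all leave traces in the firewall's own event log. The script below is an added illustration, not code from Arctic Wolf, Fortinet, or the newsletter: it triages FortiGate-style key=value event lines and flags successful admin logins that arrive from outside the internal address ranges, plus configuration changes to admin accounts or SSL VPN settings. The log lines are constructed for the example, and the config paths in PERSISTENCE_PATHS are assumed to be the ones worth watching.

```python
"""Triage FortiGate-style event logs for the intrusion steps described above.

Added example, not vendor or researcher code.  The key=value layout with
double-quoted values follows FortiGate syslog conventions; the field names
used (ui, action, status, cfgpath, cfgobj) are assumptions for this example.
"""
import ipaddress
import re

# key=value pairs; values may be double-quoted (backslash escapes honoured).
_KV = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

# Address ranges treated as "internal".  Anything else counts as external,
# which is the operational question: is the management plane reachable from
# outside?  (Python's is_global treats the TEST-NET ranges used in the sample
# as non-global, so an explicit list is used instead.)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]

# Assumed config paths whose creation/edit indicates persistence on the box.
PERSISTENCE_PATHS = ("system.admin", "user.local", "vpn.ssl.settings", "user.group")


def parse_kv(line):
    """Turn one key=value log line into a dict, stripping surrounding quotes."""
    return {k: v.strip('"') for k, v in _KV.findall(line)}


def external_ip(text):
    """Return the first IPv4 address in text if it lies outside INTERNAL_NETS."""
    m = re.search(r"\d{1,3}(?:\.\d{1,3}){3}", text or "")
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group())
    except ValueError:
        return None
    return None if any(ip in net for net in INTERNAL_NETS) else m.group()


def triage(lines):
    """Return (alert_type, user, detail) tuples for suspicious admin activity."""
    alerts = []
    for line in lines:
        ev = parse_kv(line)
        if ev.get("type") != "event":
            continue  # traffic/utm records are out of scope here
        # 1. Successful admin login whose UI string carries an external address.
        if ev.get("action") == "login" and ev.get("status") == "success":
            ip = external_ip(ev.get("ui", ""))
            if ip:
                alerts.append(("public_mgmt_login", ev.get("user"), ip))
        # 2. Config change that adds/edits admin accounts or SSL VPN settings.
        path = ev.get("cfgpath", "")
        if ev.get("action") in ("Add", "Edit") and path.startswith(PERSISTENCE_PATHS):
            alerts.append(("persistence_config", ev.get("user"),
                           f"{path}:{ev.get('cfgobj', '')}"))
    return alerts


# Constructed sample: one benign internal login, then an external login
# followed by an admin-account creation and an SSL VPN settings edit.
SAMPLE_LOGS = [
    'date=2024-12-01 time=10:15:32 type="event" subtype="system" user="admin" '
    'ui="https(10.0.0.7)" action="login" status="success" '
    'msg="Administrator admin logged in successfully from https(10.0.0.7)"',
    'date=2024-12-01 time=23:41:05 type="event" subtype="system" user="admin" '
    'ui="https(203.0.113.45)" action="login" status="success" '
    'msg="Administrator admin logged in successfully from https(203.0.113.45)"',
    'date=2024-12-01 time=23:42:10 type="event" subtype="system" user="admin" '
    'ui="https(203.0.113.45)" action="Add" cfgpath="system.admin" '
    'cfgobj="svc_backup" msg="Add system.admin svc_backup"',
    'date=2024-12-01 time=23:43:18 type="event" subtype="system" user="admin" '
    'ui="https(203.0.113.45)" action="Edit" cfgpath="vpn.ssl.settings" '
    'cfgobj="" msg="Edit vpn.ssl.settings"',
    'date=2024-12-01 time=23:44:02 type="event" subtype="system" user="admin" '
    'ui="https(203.0.113.45)" action="Edit" cfgpath="firewall.policy" '
    'cfgobj="12" msg="Edit firewall.policy 12"',
    'date=2024-12-02 time=08:00:00 type="traffic" subtype="forward" '
    'srcip=10.0.0.7 dstip=192.0.2.10 action="accept"',
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_LOGS):
        print(alert)
```

Run against the sample, the script reports one external management login and two persistence-related configuration changes; the firewall-policy edit and the traffic record are ignored. In practice the same three alert types map directly onto the mitigations above: an external login means the management interface is still reachable from the internet, and a new admin or SSL VPN change after such a login is the signal to rotate credentials and review the configuration.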
⚠️ Thousands of SonicWall Devices Remain Unpatched
SonicWall, a leading cybersecurity provider known for its firewalls and VPN solutions, has over 48,000 devices still unpatched against CVE-2024-40766, a critical flaw with a CVSS score of 9.3.
The vulnerability allows attackers to gain unauthorized administrative access, posing risks of data breaches and ransomware attacks.
Notorious ransomware groups Akira and Fog have actively exploited this flaw, targeting over 100 organizations since September 2024.
Victim organizations span various sectors, with attacks occurring quickly—sometimes within 1.5 to 10 hours of initial access.
Despite patch availability since August 2024, adoption has been slow, leaving many organizations exposed.
🤔 The Bigger Picture:
The large number of unpatched devices highlights a significant cybersecurity gap, making these organizations prime targets for ransomware. With Akira and Fog ramping up exploitation, failure to patch could lead to severe financial and operational consequences.
Further Alerts & Insights
📰 Hijacked Backdoors Reveal Supply Chain Risks
Researchers identified and hijacked over 4,000 malicious backdoors, exposing ongoing supply chain threats. This highlights the pressing need for organizations to monitor unauthorized access routes.
📰 Major Vulnerabilities Patched Across Platforms
Several critical vulnerabilities across major software platforms have been patched. Users are advised to update their systems to stay protected from potential attacks.
📰 CISA Report on Cyber Goal Adoption
CISA’s analysis of 7,791 organizations shows improved cybersecurity in four key sectors: healthcare, water, communications, and government. The agency encourages broader adoption across all critical infrastructure.
📰 Supply Chain Cyber Risks Rise
A new report highlights how complexity and interdependencies in supply chains hinder efforts to boost cyber resilience. Key barriers include fragmented ownership and limited visibility.