Bitdefender has published a study detailing sophisticated corporate espionage against a US technology company. The attack took place over several months and focused on data exfiltration.
An extensive network of several hundred IP addresses (most of them located in China) was used for the attack. Bitdefender concludes from the study that this type of attack is likely to increase and advises companies in industry, energy, finance, defense and other critical sectors to be on high alert.
Spy campaign on a Bitdefender partner
The study originated from a spying campaign against a Bitdefender partner, a US hardware manufacturer with fewer than 200 employees. The attack spanned several months and combined the exploitation of known vulnerabilities with sophisticated data exfiltration techniques.
Such so-called hybrid attacks are becoming more and more common. They combine opportunistic tactics, such as automated vulnerability scanning, with sophisticated techniques, such as the extraction of critical company data. In such attacks, the initial compromise is achieved with automated scanners; a human operator then reviews the results to decide whether a victim is worth the effort of targeted, hands-on techniques to locate and extract its data.
Access via a known, commonly exploited vulnerability
The initial infection vector in this case was an internet-facing instance of Zoho ManageEngine ADSelfService Plus, a web-based self-service password management application, which was exploited via a known, unpatched and commonly exploited vulnerability (CVE-2021-40539). The flaw allowed the actors to bypass authentication and execute arbitrary code. Once the criminals had a foothold, they deployed a web shell to a directory that was reachable over the internet and used it for remote access to the web server.
A huge network of several hundred IP addresses (most of them located in China) was used for the attack. Although security alerts were generated, the intrusion was carried out with manual commands rather than automated tooling and was therefore not recognized for what it was.
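The web shell described above had to land somewhere in the application's internet-facing document root, which is exactly where a defender can look for it. The following is an added example, not code from the Bitdefender report: a Python hunt that walks a Java web application's `webapps` tree and flags JSP pages carrying the primitives a web shell needs (command execution, a command parameter, writing request data to disk). The indicator list is a constructed heuristic, the sample tree is constructed for the example, and the `adssp` directory name is an assumption about the application layout that must be adjusted to the real install.

```python
"""Hunt for JSP web shells dropped into a Java web application's
internet-facing document root.

Added example, not from the Bitdefender report. The indicator list and
the sample files are constructed for illustration; the 'adssp' webapp
name is an assumption about the install layout.
"""
import os
import re
import tempfile
from dataclasses import dataclass, field

# Heuristic indicators that a server-side page can run OS commands or
# write attacker-supplied data to disk. Constructed list for this
# example; tune it to the application before relying on it.
SUSPICIOUS_PATTERNS = {
    "runtime-exec": re.compile(r"Runtime\s*\.\s*getRuntime\s*\(\s*\)\s*\.\s*exec", re.I),
    "process-builder": re.compile(r"new\s+ProcessBuilder\s*\(", re.I),
    "cmd-parameter": re.compile(
        r"getParameter\s*\(\s*[\"'](?:cmd|c|exec|command|shell)[\"']\s*\)", re.I),
    "file-write-from-request": re.compile(
        r"FileOutputStream[\s\S]{0,200}?getParameter", re.I),
    "base64-decode": re.compile(
        r"Base64\s*\.\s*getDecoder\s*\(\s*\)\s*\.\s*decode", re.I),
}

SCAN_EXTENSIONS = (".jsp", ".jspx")


@dataclass
class Finding:
    path: str                      # path relative to the scanned root
    indicators: list = field(default_factory=list)


def scan_file(path):
    """Return the names of the indicators found in one file ([] if none)."""
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    except OSError:
        return []
    return [name for name, rx in SUSPICIOUS_PATTERNS.items() if rx.search(text)]


def hunt_webshells(root, min_indicators=2):
    """Walk the document root and report JSP files that match at least
    `min_indicators` indicators. Requiring two keeps a page that merely
    reads a parameter named 'cmd' from being flagged on its own."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(SCAN_EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            hits = scan_file(path)
            if len(hits) >= min_indicators:
                findings.append(Finding(os.path.relpath(path, root), sorted(hits)))
    return sorted(findings, key=lambda f: f.path)


def build_sample_tree():
    """Create a constructed webapps tree: one legitimate page, one web
    shell under a help directory, and a non-JSP file that mentions exec.
    Returns the root path. Sample content only, not real artifacts."""
    root = tempfile.mkdtemp(prefix="webapps-")
    os.makedirs(os.path.join(root, "adssp", "help"))  # 'adssp' is an assumption
    with open(os.path.join(root, "adssp", "index.jsp"), "w") as fh:
        fh.write('<html><body>Hello <%= request.getParameter("user") %></body></html>\n')
    with open(os.path.join(root, "adssp", "help", "report.jsp"), "w") as fh:
        fh.write('<% String c = request.getParameter("cmd");\n'
                 '   Process p = Runtime.getRuntime().exec(c); %>\n')
    with open(os.path.join(root, "adssp", "README.txt"), "w") as fh:
        fh.write("Runtime.getRuntime().exec is dangerous; do not use it.\n")
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    for finding in hunt_webshells(sample_root):
        print(f"{finding.path}: {', '.join(finding.indicators)}")
```

In a real hunt, point `hunt_webshells` at the application's actual document root and pair the output with file modification times and the web server's access log: a JSP that appeared after the last patch and is being requested from unfamiliar addresses is worth an immediate look, regardless of whether any alert fired.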
Vulnerability exploits doubled in 2021
The attack described here is consistent with the findings of the Verizon Data Breach Investigations Report 2022, according to which the number of breaches caused by the exploitation of vulnerabilities doubled in the past year. Bitdefender expects this trend to continue. Attackers are increasingly focusing on breaching confidentiality (data exfiltration) rather than availability (ransomware). Businesses of all sizes are at risk if they are seen as a valuable target in their own right or as a stepping stone to a larger one.
“Organizations of all shapes and sizes require multi-layered security that includes threat prevention, detection and response capabilities. In this case, the attack used a known web server vulnerability and then applied sophisticated manual endpoint compromise and data exfiltration techniques,” says Bob Botezatu, Director, Threat Research at Bitdefender. “This is a great example of why leveraging managed detection and response services is essential in today's threat landscape. Regardless of how big or small a company is.”
More at Bitdefender.com
About Bitdefender
Bitdefender is a leading global provider of cybersecurity solutions and antivirus software, protecting over 500 million systems in more than 150 countries. Since it was founded in 2001, the company's innovations have consistently delivered security products and intelligent protection for devices, networks and cloud services for private customers and companies. As the supplier of choice, Bitdefender technology is found in 38 percent of security solutions deployed around the world and is trusted and recognized by industry experts, manufacturers and customers alike. www.bitdefender.de