Several active exploits in wild, CCCS recommending to get MFA turned up especially on perimeter; patch vulnerable software particularly for publicly exposed services.
In recent months, the Cyber Centre has been made aware of several compromises of computer networks in Canada. The compromises took advantage of vulnerable, less secure implementations of remote access services. In each case, a threat actor was able to compromise infrastructure exposed to the internet because it was not properly secured via 2FA and/or because software running on an exposed server was not patched to the latest version.
The malicious activities were reported to the Cyber Center in June and July 2020. Incidents included intensive reconnaissance-style scanning of target networks, followed by the successful compromise of vulnerable and improperly secured servers and network access devices. In some instances, malware was installed, and compromised infrastructure may have been used in attempts to compromise different networks and/or other organizations. Threat actors may have remained active on compromised networks for a period of months before their activities were detected.
The Cyber Centre has published numerous Advisories and Alerts related to significant vulnerabilities which could allow unauthenticated access to organizations’ remote services and lead to remote code execution, or further exploitation of an organization’s infrastructure. It should be noted that even non-vulnerable systems exposed to the Internet may be subject to compromise should a threat actor obtain valid credentials with even limited system privileges.
The Cyber Centre is urging Canadian organizations to apply all security updates to their internet-facing services and enable 2FA for all remote access accounts.
Organizations failing to apply security updates in a timely manner and not using 2FA are exposing themselves to compromises such as information theft and ransomware.
CCCS via Canada.ca