At a glance.
- CISA adds to its Known Exploited Vulnerabilities Catalog.
- Advisory warns of APT targeting ICS/SCADA.
New bugs added to CISA’s vulnerability catalog.
The US Cybersecurity and Infrastructure Security Agency (CISA) has announced that ten new vulnerabilities have been added to its Known Exploited Vulnerabilities Catalog. The new additions include an injection vulnerability impacting VMware Workspace ONE Access, a Microsoft Windows CLFS driver vulnerability that allows for privilege escalation, and a Drupal remote code execution vulnerability. The catalog, created by Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, serves as a living list of common vulnerabilities and exposures that pose an active threat to federal agencies, and agencies are required to remediate each identified vulnerability by a specified due date. For these new vulnerabilities, the deadlines fall in May 2022.
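Because the catalog ties each entry to a remediation due date, the practical task for a defender is to match the feed against an asset inventory and see what is due or already overdue. The script below is an added example, not code from CISA or this article: the field names (cveID, vendorProject, product, dateAdded, dueDate) are assumed from the public KEV JSON feed, and the CVE ids, dates and hosts are constructed placeholders.

```python
"""Match a KEV feed snapshot against an asset inventory and flag overdue items."""
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed (the real feed is at
# https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json).
# Field names are assumed from that feed; the CVE ids and dates are placeholders.
SAMPLE_KEV_JSON = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-0000-0001", "vendorProject": "VMware",
     "product": "Workspace ONE Access", "dateAdded": "2022-04-13", "dueDate": "2022-05-04"},
    {"cveID": "CVE-0000-0002", "vendorProject": "Microsoft",
     "product": "Windows", "dateAdded": "2022-04-13", "dueDate": "2022-05-04"},
    {"cveID": "CVE-0000-0003", "vendorProject": "Drupal",
     "product": "Drupal", "dateAdded": "2022-03-01", "dueDate": "2022-03-22"},
]})

# Constructed asset inventory: (hostname, vendor, product).
SAMPLE_ASSETS = [
    ("web-01", "Drupal", "Drupal"),
    ("idp-01", "VMware", "Workspace ONE Access"),
    ("build-07", "Atlassian", "Jira"),
]

def load_kev(feed_json: str) -> list[dict]:
    """Parse the feed, converting each dueDate string into a date object."""
    out = []
    for v in json.loads(feed_json)["vulnerabilities"]:
        out.append({**v, "dueDate": date.fromisoformat(v["dueDate"])})
    return out

def match_assets(kev: list[dict], assets) -> list[tuple[str, str, date]]:
    """Return (hostname, cveID, dueDate) for every asset whose vendor/product
    matches a KEV entry (case-insensitive exact match), earliest due date first."""
    index = {}
    for e in kev:
        index.setdefault((e["vendorProject"].lower(), e["product"].lower()), []).append(e)
    hits = []
    for host, vendor, product in assets:
        for e in index.get((vendor.lower(), product.lower()), []):
            hits.append((host, e["cveID"], e["dueDate"]))
    return sorted(hits, key=lambda h: (h[2], h[0]))

def overdue(hits, today: date) -> list[tuple[str, str, date]]:
    """Hits whose BOD 22-01 due date is already past on `today`."""
    return [h for h in hits if h[2] < today]

if __name__ == "__main__":
    hits = match_assets(load_kev(SAMPLE_KEV_JSON), SAMPLE_ASSETS)
    for host, cve, due in hits:
        print(f"{host}: {cve} due {due}")
    print("overdue as of 2022-04-15:", overdue(hits, date(2022, 4, 15)))
```

Exact vendor/product matching is deliberately strict; real inventories usually need a normalisation step (or version-aware matching) before the KEV feed is useful at scale.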
Joint Cybersecurity Advisory warns of APT targeting industrial control systems.
CISA also announced that, in collaboration with the Department of Energy, the National Security Agency, and the Federal Bureau of Investigation, it has issued a joint Cybersecurity Advisory (CSA) warning that advanced persistent threat (APT) actors have created custom-made tools for targeting multiple industrial control system (ICS)/supervisory control and data acquisition (SCADA) devices. (Though CISA has not disclosed what nation-state might be behind the threat, some experts say circumstantial evidence points to Russia.) The impacted devices include Schneider Electric programmable logic controllers (PLCs), OMRON Sysmac NEX PLCs, and Open Platform Communications Unified Architecture (OPC UA) servers, and the APT’s tools give the attackers full system access, even allowing them to compromise Windows-based engineering workstations present in information technology (IT) or operational technology (OT) environments. Once they have access, the threat actors can elevate privileges and move laterally within the OT environment to disrupt critical functions.
Critical infrastructure organizations, especially those in the energy sector, are being urged to implement the detection and mitigation strategies detailed in the CSA. Recommendations include using strong perimeter controls to isolate ICS/SCADA systems and networks from corporate and internet networks, limiting any communications entering or leaving ICS/SCADA perimeters, enforcing multifactor authentication for all remote access to ICS networks and devices, and establishing a cyber incident response plan shared with the organization’s stakeholders in IT, cybersecurity, and operations.