The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning of active attacks exploiting three critical vulnerabilities in popular technology systems. The vulnerabilities, in Fortra's GoAnywhere MFT managed file transfer application, TerraMaster network-attached storage (TNAS) devices, and the Intel Ethernet diagnostics driver for Windows, could allow unauthenticated remote code execution, denial-of-service states, and data theft.
TerraMaster Network-Attached Storage (TNAS) Devices Vulnerability
The first vulnerability, identified as CVE-2022-24990, is present in TerraMaster network-attached storage (TNAS) devices. According to a joint advisory from U.S. and South Korean government authorities, the flaw has been weaponized by North Korean nation-state hackers to target healthcare and critical infrastructure entities with ransomware.
Intel Ethernet Diagnostics Driver for Windows Flaw
The second vulnerability, CVE-2015-2291, is an unspecified flaw in the Intel Ethernet diagnostics driver for Windows. This vulnerability can throw an affected device into a denial-of-service state and has been exploited in the wild by multiple threat actors, including BlackByte, Earth Longzhi, Lazarus Group, and OldGremlin.
Fortra's GoAnywhere MFT Managed File Transfer Application Vulnerability
The third vulnerability, CVE-2023-0669, is a remote code injection flaw discovered in Fortra's GoAnywhere MFT managed file transfer application. While patches have been released, exploitation has been linked to a cybercrime group affiliated with a ransomware operation. It is suspected that the attacks are a precursor to deploying file-locking malware on targeted systems.
Protecting Your Systems
Federal Civilian Executive Branch (FCEB) agencies are required to apply the patches by March 3, 2023, to secure their networks against these active threats. However, even if you are not part of a federal agency, it is important to take proactive measures to protect your systems and data. Make sure to keep your systems and software up to date and to implement a multi-layered security approach that includes endpoint protection, network security, and backup and disaster recovery solutions.
Stay vigilant and stay protected against the ever-evolving threat landscape.