Today’s Cybersecurity Threats and Trends - 12/17/2024
WordPress is having a bad week, and industrial control systems face a re-emerging threat.
1. WordPress Plugin Allows Unauthorized Installations
Primary Threat: A critical vulnerability in the Hunk Companion WordPress plugin allows attackers to install and activate unauthorized plugins on vulnerable sites. According to WPScan’s analysis, attackers exploit a misconfiguration in the plugin’s authentication mechanism to manipulate site functionality. This flaw opens the door to malicious plugin installations, backdoors, and unauthorized administrative access.
MITRE Tactics: Execution, Persistence
Risk: Medium – Unauthorized plugins can inject malicious code, exfiltrate sensitive data, or deface WordPress websites, affecting both site integrity and user trust.
2. 390,000 WordPress Credentials Stolen via Credential Harvesting Campaign
Primary Threat: A widespread credential harvesting campaign has stolen credentials from over 390,000 WordPress accounts, as revealed by Datadog Security Labs. Attackers are deploying phishing campaigns and exploiting vulnerable plugins to gain administrative access, exfiltrate credentials, and compromise website content. These compromised sites can be further weaponized for malware delivery or defacement.
MITRE Tactics: Credential Access, Initial Access
Risk: High – Credential theft at scale can lead to widespread website compromises, impacting user trust, data security, and business continuity.
3. Symlink Exploit Steals Data from iCloud via TCC Bypass
Primary Threat: Researchers at Jamf Threat Labs have uncovered a macOS vulnerability involving a symlink exploit to bypass Apple’s Transparency, Consent, and Control (TCC) framework. Exploiting this flaw allows attackers to gain unauthorized access to sensitive iCloud data, bypassing Apple’s privacy protections. The symlink manipulation tricks macOS into granting permissions to malicious applications, enabling them to exfiltrate files.
MITRE Tactics: Defense Evasion, Collection
Risk: High – Exposed iCloud data could include personal files, photos, or credentials, significantly compromising user privacy and security.
Did you know...?
Industrial Control Systems (ICS) have been a prime target for cyberattacks since the infamous Stuxnet worm in 2010, which sabotaged Iran's nuclear centrifuges. Since then, state-sponsored actors have continued to develop malware like IOCONTROL, targeting energy grids, manufacturing plants, and utility systems worldwide. These attacks highlight the importance of securing legacy OT infrastructure to prevent large-scale operational disruptions.
4. 296,000 Prometheus Instances Vulnerable to DoS Attacks
Primary Threat: A recent study by Aqua Security reveals that 296,000 Prometheus servers and exporters are publicly exposed, making them vulnerable to denial-of-service (DoS) attacks. Prometheus, widely used for monitoring containerized environments, often lacks proper access controls, allowing attackers to overwhelm systems and degrade performance. Misconfigurations and default settings are primary contributors to this exposure.
MITRE Tactics: Initial Access, Impact
Risk: High – Publicly accessible Prometheus instances can be targeted to disrupt critical infrastructure and systems, impacting operational efficiency.
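The exposure Aqua Security describes comes largely from running Prometheus with its defaults, which ship with no authentication or TLS on the web endpoint. The following is an added example (not from the newsletter or from Aqua Security's report) showing the default start-up beside a corrected setup that uses Prometheus's web config file; all paths, the username and the hash are placeholders.

```yaml
# Added example: hardening the Prometheus web endpoint.
# Every path, user name and hash here is a placeholder to be replaced.
#
# Weak / default: started with only --config.file, Prometheus serves the
# UI, /metrics and /api/v1/* to anyone who can reach the listening port:
#   prometheus --config.file=prometheus.yml
#
# Corrected: point Prometheus at a web config file as well
# (--web.config.file is supported since Prometheus v2.24):
#   prometheus --config.file=prometheus.yml --web.config.file=web.yml
#
# Contents of web.yml:
tls_server_config:
  cert_file: /etc/prometheus/tls/server.crt   # placeholder path
  key_file: /etc/prometheus/tls/server.key    # placeholder path
  min_version: TLS12                          # refuse TLS 1.0/1.1 clients

basic_auth_users:
  # Value must be a bcrypt hash, e.g. generated with:
  #   htpasswd -nBC 10 "" | tr -d ':\n'
  # The string below is a placeholder, not a real hash.
  scraper: "$2y$10$REPLACE_WITH_BCRYPT_HASH"

# Validate the file before restarting:
#   promtool check web-config web.yml
```

Once web.yml is in place, any scrape job that targets this instance (including its own self-scrape) needs matching `basic_auth` credentials in prometheus.yml; exporters built on the Prometheus exporter-toolkit accept the same file format via their own `--web.config.file` flag.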
5. IOCONTROL Malware Targets Industrial Control Systems
Primary Threat: Researchers at Claroty Team 82 have identified IOCONTROL, a sophisticated malware targeting OT (Operational Technology) and IoT systems in critical infrastructure. Linked to Iranian state-sponsored actors, IOCONTROL is designed to manipulate industrial control systems, disrupt operations, and exfiltrate sensitive data. The malware exploits vulnerabilities in legacy OT devices and unpatched IoT platforms, posing significant risks to energy, manufacturing, and utility sectors.
MITRE Tactics: Initial Access, Impact, Collection
Risk: High – Attacks on OT systems can result in operational disruption, equipment damage, and economic consequences for critical industries.
6. OpenWRT Vulnerability Exposed to Firmware Manipulation
Primary Threat: OpenWRT has issued a security advisory for a critical vulnerability that allows attackers to manipulate router firmware through malicious sysupgrade processes. The flaw enables unauthorized firmware updates, providing attackers full control over affected devices. Compromised routers can be used for network surveillance, traffic redirection, and further exploitation.
MITRE Tactics: Persistence, Impact
Risk: High – Compromised routers can provide attackers with extensive access to sensitive systems and data on the networks behind them.
IN SUMMARY:
Today’s threats demonstrate the relentless innovation of attackers.
The IOCONTROL malware targeting OT systems highlights the risks to critical infrastructure, while Prometheus misconfigurations leave hundreds of thousands of systems exposed to disruption.
WordPress sites face persistent threats, with plugin flaws and large-scale credential theft campaigns putting millions at risk.
Meanwhile, macOS vulnerabilities like the symlink TCC bypass underscore the need for robust privacy defenses, and the OpenWRT flaw reminds us of the risks posed by unpatched IoT devices.
Stay vigilant, update your systems promptly, and ensure proper access controls to reduce exposure.
J.W.
(P.S. Check out our partners! It goes a long way to support this newsletter!)