CyberSecurity news
A massive cyberattack has compromised over 2,000 Palo Alto Networks devices globally, exploiting newly discovered zero-day vulnerabilities, CVE-2024-0012 and CVE-2024-9474. Attackers successfully bypassed authentication mechanisms, escalated their privileges within the compromised systems, and deployed malware. The United States and India were disproportionately affected, highlighting the widespread nature of this campaign. Security researchers are urging immediate action to secure Palo Alto Networks firewall management interfaces and apply necessary patches.
The vulnerabilities, affecting specific versions of PAN-OS software, allow attackers with network access to the management interface to gain administrator privileges. This allows them to perform administrative actions, tamper with configurations, and deploy further malicious code, potentially leading to extensive network infiltration. Arctic Wolf, a cybersecurity firm, observed intrusions across various industries, with affected devices downloading malware including the Sliver C2 framework and coinminers. The speed and scale of this attack underscore the critical need for prompt patching and robust security practices.
Palo Alto Networks has released security advisories detailing the vulnerabilities and recommended mitigation steps, including restricting management interface access to trusted internal IP addresses. The Shadowserver Foundation reported that over 2,000 devices have already been compromised, emphasizing the urgency of the situation. Organizations are advised to immediately review their Palo Alto Networks devices, check for vulnerabilities, and implement the necessary security updates to prevent exploitation. The ongoing investigation continues to reveal the full extent of the damage and the impact of this widespread attack.
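The mitigation above, restricting the management interface to trusted internal addresses, is something an administrator can audit from a configuration export. The script below is an added example (not code from the article or from Palo Alto Networks) that parses a PAN-OS config export and flags permitted-IP lists that are empty or that admit addresses outside the RFC 1918 ranges; it assumes the export layout deviceconfig/system/permitted-ip and that an empty list means unrestricted access.

```python
"""Audit the PAN-OS management permitted-IP list in an exported configuration."""
import ipaddress
import xml.etree.ElementTree as ET

# Assumed location of the management permitted-IP list in a PAN-OS config
# export: deviceconfig/system/permitted-ip/entry[@name="<ip or cidr>"].
PERMITTED_IP_XPATH = ".//deviceconfig/system/permitted-ip/entry"

# Assumed definition of "trusted internal": the RFC 1918 ranges.
TRUSTED_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def audit_permitted_ips(config_xml: str) -> dict:
    """Return the configured entries plus findings; restricted=True means
    the list is non-empty and every entry lies inside a trusted range."""
    root = ET.fromstring(config_xml)
    entries = [e.get("name") for e in root.findall(PERMITTED_IP_XPATH)
               if e.get("name")]
    findings = []
    if not entries:
        # Assumed dangerous default: with no entries, PAN-OS accepts
        # management connections from any source address.
        findings.append("no permitted-ip entries: management reachable from anywhere")
    for cidr in entries:
        net = ipaddress.ip_network(cidr, strict=False)  # bare IP becomes a /32
        if net.prefixlen == 0:
            findings.append(f"{cidr}: matches every address")
        elif not any(net.version == t.version and net.subnet_of(t)
                     for t in TRUSTED_NETS):
            findings.append(f"{cidr}: outside trusted internal ranges")
    return {"entries": entries, "findings": findings, "restricted": not findings}


# Constructed sample exports (not real device configurations).
EXPOSED_CONFIG = """<config><devices><entry name="localhost.localdomain">
<deviceconfig><system><hostname>fw-edge</hostname></system></deviceconfig>
</entry></devices></config>"""

MIXED_CONFIG = """<config><devices><entry name="localhost.localdomain">
<deviceconfig><system><permitted-ip>
<entry name="10.10.0.0/16"/><entry name="203.0.113.0/24"/>
</permitted-ip></system></deviceconfig></entry></devices></config>"""

if __name__ == "__main__":
    for label, cfg in (("exposed", EXPOSED_CONFIG), ("mixed", MIXED_CONFIG)):
        result = audit_permitted_ips(cfg)
        print(label, "restricted" if result["restricted"] else "NOT restricted",
              result["findings"])
```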
References:
- Arctic Wolf: Arctic Wolf has observed multiple intrusions across a variety of industries involving Palo Alto Network firewall devices.
- cyble.com: German CERT Warns ‘Attacks are Happening,’ Urges PAN-OS Chained Vulnerabilities’ Patching.
- bsky.app: Over 2,000 Palo Alto Networks devices hacked in a massive campaign exploiting new vulnerabilities CVE-2024-0012 & CVE-2024-9474. Attackers are bypassing authentication, escalating privileges, and dropping malware. With the U.S. and India hit hardest, is your network secure?
- Carly Page: Hackers have compromised potentially thousands of organizations by exploiting two new zero-day vulnerabilities in software made by cybersecurity giant Palo Alto Networks.
- techcrunch.com: Article on the massive attack exploiting Palo Alto Networks vulnerabilities.
- Unit 42: Unit 42 analysis of the vulnerabilities.
- security.paloaltonetworks.com: Security advisory from Palo Alto Networks detailing the vulnerabilities and mitigation steps.