SharePoint Vulnerability Under Attack

Proto: N030519.

With this notice, Yoroi wishes to inform you of the recent detection of attacks targeting Microsoft SharePoint instances, the well-known collaboration platform used in both SMB and Enterprise environments for sharing and managing corporate knowledge bases. The vulnerability being targeted is known by the identifier CVE-2019-0604.

The vulnerability is caused by gaps in the validation of the "markup" within SharePoint application packages. This condition can be exploited by an attacker who holds suitable SharePoint accounts, through which they can execute arbitrary code on the server, compromising its security.

Third-party researchers have recently detected attack attempts against this particular vulnerability in SharePoint applications. Yoroi therefore strongly recommends verifying the update status of any SharePoint server infrastructure in use on your networks, assessing its exposure, and applying the security updates made available by the vendor.

Finally, Yoroi recommends keeping user awareness high, periodically warning users of ongoing threats, and relying on a team of experts to safeguard the security of the "cyber" perimeter. For a real-time threat index, visit the following link: Yoroi Cyber Security Index

Yoroi Cyber Security Annual Report 2018

In 2018 cyber-security experts observed an increased number of cyber attacks, and malware continues to be the most aggressive and pervasive threat. For this reason, analyzing the events of the last year would help cyber-security professionals prevent further attacks during the next few months. In many cases the attacks reached a very high level of sophistication: both nation-state cyber espionage groups and cyber crime organizations carried out attacks that had a severe impact on the victims. This is just the tip of the iceberg, since in many cases organizations are not able to detect threats, allowing them to cause huge damage to their infrastructure.

The Yoroi Cyber-Security Report analyzes the evolution of the threat landscape observed between January 2018 and December 2018. Unlike other reports published by many security firms, this analysis focuses on threats detected by Yoroi Cyber-Security Sensors standing behind customers' infrastructures. Every single attack and/or threat has been managed by the experts at Yoroi.

The report provides a unique point of view because it describes threats and attacks that have bypassed the security measures implemented by the targets. These data do not come from OSINT or CLOSINT, but have been collected directly from the customer side. The report is divided into sections. Each section is atomic and can be read independently of the others. Section 1 describes the evolution of malware in the threat landscape over the past twelve months. It also includes a special focus on 0-Day Malware and its propagation methods.

Section 2 reports observed data from the attack surface, focusing on analysis of the IP addresses and ASNs involved in the attacks. Section 3 describes the "blocked attacks" through Yoroi DNS protection during the year, while Section 4 describes Dark-Net activities observed by our researchers. Dark-nets are abused for many malicious purposes: they can be used to hide command and control infrastructure or to carry out an attack while attempting to remain anonymous. This section provides data on the attacks originating from resources hidden in the dark-nets and on communications from customers' infrastructures to dark-nets, likely associated with malware activity. Section 5 includes a wide analysis of data leaks discovered using the Yoroi Digital Surveillance, and finally Section 6 describes new trends in attack techniques and operations.



Figure. Major e-crime malware activities observed during Yoroi's monitoring operations within the Italian landscape