From Brian Krebs’ KrebsOnSecurity website:
On Jan. 19, the ICRC disclosed the compromise of servers hosting the personal information of more than 500,000 people receiving services from the Red Cross and Red Crescent Movement. The ICRC said the hacked servers contained data relating to the organization’s Restoring Family Links services, which works to reconnect people separated by war, violence, migration and other causes.
Latest info: The ICRC now says the hackers broke in on Nov. 9, 2021, using an unpatched critical vulnerability (CVE-2021-40539). “This vulnerability allows malicious cyber actors to place web shells and conduct post-exploitation activities such as compromising administrator credentials, conducting lateral movement, and exfiltrating registry hives and Active Directory files. Once inside our network, the hackers were able to deploy offensive security tools which allowed them to disguise themselves as legitimate users or administrators. This in turn allowed them to access the data, despite this data being encrypted.”
This is exactly what I talk about in my book – you have to keep updating (or patching) your software.
CVE-2021-40539, the vulnerability that enabled the initial breach, is in Zoho ManageEngine ADSelfService Plus.
Apparently this software is a web-based end-user password reset management program. It helps domain users perform self-service password resets, self-service account unlocks, and self-updates of their personal details in Microsoft Windows Active Directory.
Interestingly, this software is apparently a service desk style product that helps companies manage their environment, and it is this software that had the vulnerability. When you look at a vulnerability, always look for this: “RCE (Remote Code Execution)”.
If the vulnerability can be used to attack a system remotely without authentication, then you have a weakness that can be exploited by the bad guys, as happened above.
The bottom line is that you have to upgrade and patch everything. Buy my book at this link so that you can better understand this whole process: the process of patching vulnerabilities as soon as practical.
A reminder: when you see a vulnerability announced, remember that the attackers have been busy looking for that vulnerability and are now actively exploiting it.
This complex environment is eluding the small business owner, and that is why I have written the book “Too Late You’re Hacked”.