Welcome to the seventh edition of Dellfer Insights, a series curated by our VP of Channels, Shawn Lorenz. The series highlights notable industry news, key takeaways, and why each item matters in combating the next cyberattack. This edition looks deeper at the real-world limitations of moving towards Shift-Left security for development groups and at the recently announced “digital solidarity” policy from the diplomacy arm of the US Government. Lastly, we review the never-ending list of newly discovered zero-day attacks against some of our favorite technology leaders, including Barracuda Networks, Fortinet, Ivanti, VMware, MITRE, and Cisco. Exciting times to be a good guy fighting evil.
💡Dellfer Insight #1: It’s past time to acknowledge that the traditional ‘patch faster, fix faster’ method is no longer effective. Now, your organization is taking a proactive step by initiating a Shift Left model, integrating security measures earlier in the development lifecycle. However, this transition is not without considerable challenges, with inadequate cyber tools pitted against a large increase in the number of threats.
Your cyber security tools will not deliver the “Shift-Left” promise. Existing security tools only manage vulnerability lists of known CVEs instead of eliminating the underlying attacks. Your easiest first step is to integrate the silos of these 50-year-old tools into a unified uber-list and link multiple development and operations workflows. Two problems remain: 1) CVEs are known attacks; unknown (zero-day) attacks remain unaddressed. 2) There are too many vulnerabilities.
There are too many known defects in your code; prioritizing and remediating only a portion of them is exactly what the bad guys expect you to do. Organizing lists by perceived severity level (Unknown, Low, Moderate, High, and Critical) leaves the lower tiers open as attack vectors. Adding to the confusion, security tools spit out false positives, making the priority ranking useless. Investing to eliminate all bugs and vulnerabilities is the only solution, but the effort is considerable with existing tools.
Key Takeaway:
This 170 billion security tools market is growing at 15% a year, so vendors have little motivation to innovate with disruptive tools. Too many vendors with aging tools that do not eliminate the backlog and do nothing for new, unknown zero-day exploits are blocking the benefits of shifting left for your organization.
Why It Matters:
Better tools that eliminate all vulnerabilities are needed. Dellfer’s ZeroDayGuard delivers a full implementation of shift-left security, eliminating known exploits during development and all zero-day exploits during runtime. No more holes in your code, as we eliminate all bugs and attacks with your existing development workflows and no false positives. One tool with no vulnerabilities in your code. Dellfer.
💡Dellfer Insight #2: If you didn’t catch the keynote at RSA this year, U.S. Secretary of State Antony J. Blinken delivered a speech about technology’s influence on foreign policy and how the U.S. government is using diplomacy to shape a future that’s innovative, secure, and respectful of rights. While there weren’t any groundbreaking revelations, the timing of the policy announcement shortly after the TikTok divestment legislation is worth noting.
The U.S. State Department has released a strategy document outlining its cyber-diplomacy approach, emphasizing the concept of “digital solidarity” to assist partners and allies in using technology responsibly and supporting economic growth in developing nations.
The strategy reflects the tension between increasing global efforts to control technology and the historical emphasis on an open internet, particularly in the face of China’s growing technological influence. It underscores the U.S. policy to counter Beijing’s impact on technology and public policy. It emphasizes the promotion of companies committed to an open web to prevent strategic competitors from dominating essential technologies.
Key Takeaway:
The U.S. State Department’s strategy emphasizes “digital solidarity” to support technology diplomacy in addressing cyber threats from foreign authoritarian elements. It addresses challenges like cybercrime treaties and digital sovereignty narratives, reflecting tensions between global technology control efforts and the historical emphasis on an open internet.
Why It Matters:
Strategic policies are a good step forward. However, in practical terms, organizations must be more proactive in cybersecurity to tackle rising threats from China and Russian state actors. Traditionally, defenses have been reactive, using tools like firewalls and intrusion detection. Dellfer provides a new approach that protects against attacks proactively. ZeroDayGuard stops known and unknown attacks at the source—the source-code layer.
💡Dellfer Insight #3: Chinese state-sponsored groups have significantly improved their exploitation of zero-day vulnerabilities over the past five years, posing a persistent global threat that has only recently been discovered. They target public-facing devices, especially edge appliances, with 85% of known zero-day exploits since 2021 focusing on these platforms. The recent attacks below demonstrate the limitations of traditional security solutions, emphasizing the need for enhanced cyber tool strategies.
Ivanti announced that thousands of internet-facing Ivanti VPN appliances are affected by a recently revealed vulnerability allowing remote code execution. Tracked as CVE-2024-21894 with a CVSS score of 8.2, the flaw is a heap overflow bug in the IPSec component of Ivanti Connect Secure and Policy Secure. Ivanti released updates on April 2 to fix this and other vulnerabilities, including CVE-2024-22053, which can lead to denial of service.
Cisco reported that government networks are under attack through a zero-day exploit targeting Cisco ASA security appliances, according to a recent report by Cisco Talos. State-sponsored hackers used three vulnerabilities (CVE-2024-20353, CVE-2024-20358 and CVE-2024-20359) to install backdoors on these devices, risking compromise of networks globally. The hackers accessed the networks through previously undisclosed flaws in Cisco ASA devices, aiming to create backdoors for persistent access. This attack campaign is called ArcaneDoor.
Palo Alto Networks announced a severe security issue affecting PAN-OS software. Known as CVE-2024-3400 with a CVSS score of 10.0, this vulnerability allows attackers to run code with high privileges on the firewall.
Barracuda Networks disclosed that Chinese hackers used a new zero-day in its Email Security Gateway (ESG) appliances to install backdoors on several devices. Known as CVE-2023-7102, this problem involves arbitrary code execution in a third-party open-source library called Spreadsheet::ParseExcel, used by the Amavis scanner in the gateway to check Microsoft Excel email attachments for viruses.
Fortinet alerted that a zero-day vulnerability in FortiOS has been used in attacks targeting government organizations. According to cybersecurity firm Mandiant, the attacks are likely carried out by a Chinese state-sponsored group. Tracked as CVE-2022-41328, the vulnerability is a medium-severity path traversal issue that can result in command execution and has been exploited in highly targeted attacks on government entities.
VMware: an advanced China-nexus cyber espionage group previously linked to exploiting security flaws in VMware appliances has been attributed the abuse of a critical vulnerability in VMware vCenter Server as a zero-day since late 2021. The vulnerability in question is CVE-2023-34048 (CVSS score: 9.8), an out-of-bounds write that a malicious actor with network access to vCenter Server could use to achieve remote code execution.
MITRE (see Ivanti above): MITRE security researchers were surprised by a recent cyberattack that exploited zero-day vulnerabilities in Ivanti security products. A state-sponsored threat actor used these undisclosed weaknesses, details of which are not yet public, to breach MITRE’s unclassified research and development network (NERVE).
Key Takeaway:
Chinese threat actors increasingly exploit zero-day flaws in edge appliances. They have deployed covert backdoors for persistent access and target a wide range of technology companies. Zero-day attacks exploit unknown vulnerabilities, leaving no time for defense. These attacks can cause severe damage and compromise your customers’ sensitive data, so accepting them is no longer a viable business model.
Why It Matters:
Dear Barracuda Networks, Fortinet, Ivanti, Palo Alto, MITRE, and VMware,
It’s a fact that cyber-attacks have occurred in the past and will continue in the future. Bugs and zero-day exploits are being shipped in your code even today. I suggest taking inspiration from Jeff Abbott, the CEO of Ivanti, who recognized the seriousness of their security issues by stating, “We will use this opportunity to begin a new era at Ivanti.” Abbott announced a “broad shift that fundamentally transforms the Ivanti security operating model” and committed to making a “significant financial investment” in adopting secure-by-design principles for all Ivanti products.
We call it “ZeroDayGuard” for a reason. Dellfer is ready to have a discussion. Reach out anytime.