Faith-Based Daily Awareness Post 27 July 2023

These updates are shared to help raise the situational awareness of Faith-Based organizations to best defend against, and mitigate the impacts from all-hazards threats including physical security, cybersecurity, and natural disasters.

Axis Door Controller Vulnerability Exposes Facilities to Physical, Cyber Threats

Excerpts from the article:

A potentially serious vulnerability affecting a network door controller made by Axis Communications can expose facilities to both physical and cyber threats. The flaw, tracked as CVE-2023-21406 and rated ‘high severity,’ impacts the Axis A1001 network door controller. The company has released patches and additional security improvements to address the vulnerability.

Axis produces network cameras and other physical security products that are used by government and private sector organizations around the world. 

Analyst Comment:

Many FBOs, including houses of worship, go to great lengths to physically secure their buildings. Security measures often include network-based physical security products and building access controls such as doors and cameras. Given the technology-based nature of these products, cybersecurity vulnerabilities are often discovered that could impact the security and usability, potentially resulting in reduced physical security. To keep facilities and people safe, it is important for FBOs to maintain an awareness of the vulnerabilities regarding the building control systems implemented in their buildings and address (patch, update, upgrade, replace) accordingly.

New Nitrogen malware pushed via Google Ads for ransomware attacks

Excerpts from the article:

The Nitrogen malware campaign starts with a person performing a Google or Bing search for various popular software applications. Depending on the targeting criteria, the search engine will display an advertisement that promotes the searched-for software. Clicking the link brings the visitor to compromised WordPress hosting pages that imitate the legitimate software download sites for the particular application.

The goal of the Nitrogen malware is to provide the threat actors initial access to corporate networks, allowing them to conduct data-theft, cyberespionage, and ultimately deploying the BlackCat/ALPHV ransomware.

Analyst Comment:

At present, this malware is primarily targeting technology and non-profit organizations in North America. Google or Bing searches for popular software like AnyDesk, Cisco AnyConnect VPN, and TreeSize Free have been manipulated to impersonate the legitimate products with fake pages. These fake pages contain malware, including ransomware to gain access to business networks. Threat actors have the ability to manipulate any web search they want, and often leverage trending or business specific search terms. As many employees and volunteers frequently perform internet searches, members are encouraged to remind users to be careful when clicking on search engine results.