More stories

New Moriya rootkit stealthily backdoors Windows systems

Unknown threat actors have been employing a Windows rootkit for years to stealthily install backdoors on vulnerable machines.

In a campaign dubbed Operation TunnelSnake by Kaspersky researchers, the team said on Thursday that an advanced persistent threat (APT) group, origin unknown but suspected of being Chinese-speaking, has used the rootkit to quietly take control of networks belonging to organizations. Rootkits are packages of tools designed to stay under the radar by hiding themselves in deep levels of system code. They range from malware that attacks the kernel to firmware- or memory-resident variants, and often operate with high levels of privilege.

According to Kaspersky, the newly discovered rootkit, named Moriya, is used to deploy passive backdoors on public-facing servers. The backdoors are then used to establish a connection — quietly — with a command-and-control (C2) server controlled by the threat actors for malicious purposes.

The backdoor allows attackers to monitor all traffic, incoming and outgoing, that passes through an infected machine and filter out the packets meant for the malware. The packet inspection occurs in kernel mode with the help of a Windows driver. Because the rootkit waits for incoming traffic rather than reaching out to the C2 directly, it buries its communication with the C2 and avoids leaving a malicious footprint that security products could detect. “This forms a covert channel over which attackers are able to issue shell commands and receive back their outputs,” Kaspersky says. “Since Moriya is a passive backdoor intended to be deployed on a server accessible from the internet, it contains no hardcoded C2 address and relies solely on the driver to provide it with packets filtered from the machine’s overall incoming traffic.”

Kaspersky suspects the APT is Chinese-speaking, a conclusion supported by the use of post-exploitation tools previously linked to Chinese threat groups, including China Chopper, Bounder, Termite, and Earthworm. Malicious activities include host scanning, lateral movement across networks, and file exfiltration.

Victims of the APT have been found in Asia and Africa. The researchers say that “prominent” diplomatic organizations in these regions have been targeted. While the rootkit was detected in October 2019 and May 2020, the team suspects, based on timestamps related to post-exploitation activity on another victim in South Asia, that the APT may have been in operation since 2018 or earlier.

However, it appears that attacks are extremely focused, with fewer than 10 victims worldwide recorded by Kaspersky telemetry. At least, so far.

Smart cities are a tempting target for cyberattacks, so it's time to secure them now

Internet-connected technology that’s used to power smart cities makes a very tempting target for cyberattacks, and local authorities need to be aware of the risks that they – and their citizens – could face if malicious hackers are able to tamper with infrastructure or services.

Urban infrastructure, including emergency services, transport, traffic light management, CCTV and more, is increasingly using sensors and becoming connected to the Internet of Things in an effort to collect data and provide better, more efficient services.

However, the UK’s National Cyber Security Centre (NCSC) – the cyber arm of intelligence agency GCHQ – has warned that cyber-physical systems in smart cities could be compromised by cyber attackers if they are not secured properly.

The huge volume of sensitive data being collected and stored by IoT-connected smart cities, plus the ability to disrupt, “makes these systems an attractive target for a range of threat actors,” the NCSC’s new guidance for securing smart cities warns.

“These connected physical environments are just emerging in the UK, so now is the time to make sure we’re designing and building them properly. Because as these ‘connected places’ become increasingly joined up, the ubiquity of the services they provide will likely make them a target for malicious actors,” said Ian Levy, technical director at the NCSC.

To help guide local authorities and protect infrastructure, organisations and people from cyberattacks that could target smart cities, the NCSC has published a series of principles that should be adhered to in order to provide these networks with the highest possible level of cybersecurity.

To start with, local authorities should understand the role of their connected place. By determining who is responsible for the connected place, what the IoT network will look like, what data will be collected, processed, stored, and shared, and what operational technology is already in place, authorities can begin connecting smart cities with security in mind from the start.

Authorities are also urged to understand the potential risks to the connected place. These range from knowing exactly which devices and software are being used to connect the place up – ensuring that they come from a trusted, reputable vendor – to ensuring those devices are sufficiently secured when it comes to authentication. For example, a city shouldn’t be rolling out IoT devices across the network if those products still have a default username and password, as that would make them an easy target for cyber attackers, particularly if data is “collected or processed in a dumb way,” said Levy.

Smart cities are supposed to help improve services for people, but being irresponsible with data storage could result in privacy violations, and poorly implemented security could allow cyber attackers to interfere with services and systems people need.

“We hope these principles will help designers, owners and managers of connected place systems to make well-informed cybersecurity choices,” said Levy.

While the NCSC guidance doesn’t refer to any particular potential cyber-threat actor, the director of GCHQ recently warned that the emergence of China as a technology producer means that the UK and other countries could face challenges if organisations – or local authorities – become reliant on devices and software made in the country.

“States that do not share our values build their own illiberal values into the standards and technology upon which we may become reliant. If that happens, and it turns out to be insecure or broken or undemocratic, everyone is going to be facing a very difficult future,” said Jeremy Fleming.

IRS secures order to serve Kraken with customer data request on cryptocurrency traders

The Internal Revenue Service (IRS) has secured an order to obtain records from Kraken on customers performing cryptocurrency trades.

In the latest crackdown centered on cryptocurrency trading that is not reported for tax and income purposes, the IRS has been granted permission by a federal court in the Northern District of California to issue a “John Doe” summons on Payward Ventures Inc. and Kraken, its US-facing arm. The US Department of Justice (DoJ) said this week that the IRS is seeking information on US taxpayers who have conducted at least $20,000 — or the equivalent — in cryptocurrency trades on the platform between 2016 and 2020.

It is important to note, however, that the summons does not imply wrongdoing on the San Francisco-based cryptocurrency exchange’s part.

The summons seeks records from Kraken on US taxpayers, counted among its customers, who may not have complied with internal revenue laws and tax requirements — such as trading in cryptocurrency but failing to record taxable profits. A John Doe order is issued in circumstances where the individuals concerned have not been identified.

According to IRS guidance (PDF), “convertible” cryptocurrency — able to be exchanged for fiat currency, such as Bitcoin (BTC) — may carry tax liabilities in the United States. Virtual currency taxes have to be determined based on “fair market values” at the time of trading or purchase. Mining, too, might be taxable.

Court documents state that the information request “is part of an ongoing, extensive investigation involving substantial IRS resources that is producing real results — millions of dollars in previously unreported and unpaid taxes recovered for the treasury to date.”

“There is no excuse for taxpayers continuing to fail to report the income earned and taxes due from virtual currency transactions,” commented IRS Commissioner Chuck Rettig. “This John Doe summons is part of our effort to uncover those who are trying to skirt reporting and avoid paying their fair share.”

A similar summons was previously issued to Circle, a blockchain-based payments platform headquartered in Boston. Coinbase, too, is subject to scrutiny by the IRS and law enforcement agencies as a popular cryptocurrency exchange. In the firm’s latest transparency report, Coinbase revealed 4,227 requests in 2020, with 90% made from the US, UK, and Germany. In total, under 5% were civil or administrative requests, whereas the rest stemmed from criminal investigations.

Update 14.40 BST: A Kraken spokesperson told ZDNet: “One of Kraken’s guiding principles is maintaining the security and privacy of its client accounts. We understand that the court has expressed concern over the scope of the proposed IRS Summons. Though the posture of this case has not given Kraken an opportunity to weigh in, we share similar concerns.”

Google teams up with Stop Scams to tackle financial fraud in the UK

Google has joined Stop Scams and outlined new measures to try to clamp down on financial fraud in the United Kingdom.

On Friday, Ronan Harris, Vice President and MD of Google UK & Ireland, said that Google is the first major tech giant to partner with Stop Scams UK, an industry-led group that aims to tackle scams at the “source” by sharing threat data and creating scam-busting initiatives for organizations to roll out. Members include Lloyds, Barclays, NatWest Group, and Vodafone. Ofcom and the Financial Conduct Authority (FCA) have also provided their support.

UK Finance estimates that £1.26 billion ($1.75bn) was lost to scams in the UK last year alone. Phishing messages, fake emails pretending to be from banks and insurers, spoof phone calls, and social engineering are all common, but due to the COVID-19 pandemic and stay-at-home orders, other forms of scam have pushed to the forefront.

These include delivery-based text messages, fake vaccination appointment ‘reminders’ and charges, romance scams, investment ‘opportunities,’ and the fraudulent use of photos of trusted financial experts — including Martin Lewis — across social media to tout dubious cryptocurrency schemes, at a time when many of us have lost work and may be worried about our financial future.

Action Fraud estimated that £2 million was lost to coronavirus-themed scams between the start of the pandemic and April 2020 alone. Scammers may use standard letters sent in the post, text messages, email, phone calls, or social media platforms to lure in their victims.

Now, while working with the FCA, Google has pledged $5 million (£3.5m) in advertising credits to give organizations a wider scope to launch public awareness campaigns.

In addition, Google says it will spend the next few months developing and rolling out further restrictions for financial services in the United Kingdom that advertise through the firm’s platform in order to tout fraudulent ‘opportunities’ to invest, to start a pension, and more.

“Over the past year, we introduced several verification processes to learn more about the advertisers and their business operations,” Harris commented. “During the verification period, we pause advertiser accounts if their advertising or business practices are suspected of causing harm. We are currently requiring all UK financial services advertisers to complete these programs in order to run ads.”

Over 4,000 websites were added to the FCA’s warning list in 2020 for potentially running scam operations, and Google has updated existing advertising policies to prevent the use of terms that make unrealistic promises when it comes to financial returns.

“Our teams are working hard on this issue because we all want UK consumers to feel safe and protected when they are managing their finances,” Google says. “Even as attempts by scammers evolve, we will continue to take strong action and work in partnership with others to help keep consumers safe.”

In related news this week, Google announced an upcoming automatic enrollment of more users into two-step verification (2SV). As passwords alone are not considered enough to protect our accounts, two-factor authentication helps by adding a further layer of security. Another option is hardware-based verification, such as the Google Titan key fob.

Vocus turning to sovereignty as its competitive advantage

On Anzac Day, former cybermoat conjurer and secretary of the Department of Home Affairs Mike Pezzullo issued a provocative missive on the beating of the drums of war. A nanosecond of thought is all that is needed to reveal the target of the missive — China — and as if to hammer the point home, this week saw Beijing cut off China-Australia Strategic Economic Dialogue talks. Then the Australian prime minister, in a revealing feat of geopolitical misspeaking, used the words “one country, two systems” when talking about Taiwan. One country, two systems is the way Beijing handles its special administrative regions of Hong Kong and Macau.

This is the backdrop against which two Vocus executives spoke this week at CommsDay Summit, with both reinforcing the company’s pitch as being able to provide sovereignty to its customers.

“Sovereignty is a factor which Vocus increasingly sees as a competitive advantage in a market where security is critical to success,” Vocus general manager for government and strategic projects Michael Ackland said. “We’ve seen an accelerating trend, particularly from government customers, where the use of sovereign assets is not just a nice-to-have but a must-have.”

The company is currently on a path that will see it acquired by Macquarie Infrastructure and Aware Super, at a valuation of AU$3.5 billion, to remain in local hands. It was something Ackland said would help with the sovereignty play.

“It’s about having a sovereign network, which is supported by two of Australia’s leading institutions and operated by secure staff, based in secure network operations centres,” Vocus COO Ellie Sweeney said a day earlier.

Sweeney outlined that Vocus runs a separate secure network, called VAS, alongside its regular commercial network, using segregated systems and equipment, while adding that the company will double its capital expenditure on network security during the next fiscal year.

In March, two years after it first ran the idea up the proverbial flagpole, the federal Digital Transformation Agency released its Hosting Certification Framework for data centre providers, which Sweeney said could be extended to network providers.

“It’s not much of a stretch to consider that if government is so concerned about how, when and where data is stored and processed, the next logical step is to take an active interest in how, when and where data is carried across networks,” the COO said.

Sweeney added the company saw opportunities in building submarine cables as “new sovereign infrastructure”. This should hardly be surprising, given that in 2018 Canberra decided to use around AU$200 million of its foreign aid budget to lock Huawei out of building a subsea cable to the Solomon Islands and Papua New Guinea. Instead of Huawei, Vocus eventually picked up a AU$137 million contract to build the cable.

“As we have seen over the past year or two in the submarine market, governments around the globe are willing to intervene to ensure cables are built by trusted vendors and are routed through trusted territories to avoid geopolitical issues,” Sweeney said.

The Vocus chief operating officer said the consortium model used to fund subsea cables might be dead, at least in the eyes of government customers.

“We’ve certainly seen a growing appetite from our wholesale customers seeking capacity from Asia to the US via Australia to avoid politically contentious areas to our north,” she said. “Vocus’ complete ownership of the ASC [Australia-Singapore Cable] cable and the domestic network it’s connected to gives us a unique advantage for customers seeking certainty about where their data is travelling. Route diversity is also increasingly seen as a critical factor, both for terrestrial networks and international networks.”

During her speech, Sweeney announced Vocus would build a cable to close the loop on its national network between Geraldton and Port Hedland, under the banner of Project Horizon.

“In total, Project Horizon will establish a 2,000-kilometre network of both new and existing fibre between Port Hedland and Perth via Newman, Meekatharra, and Geraldton,” Sweeney said. “The Horizon system will be designed with transmission capacity starting at 38Tbps per fibre pair, giving us a clear upgrade path … as demand requires it. It will provide another layer of redundancy and give Vocus a ‘figure 8’ of network rings across Australia’s eastern and western states. It will allow Vocus to provide geographically diverse backhaul out of Darwin.”

The company is also planning to connect ASC with its North-West Cable System between Darwin and Port Hedland, as well as branch the North-West cable to Kupang on the island of Timor. Project Horizon is due to be completed by the end of 2022.

Sovereignty in space

Vocus not only sees sovereignty over terrestrial infrastructure as an advantage; it also wants to push it in the arena of low-Earth orbit (LEO) satellites. With its national fibre footprint, Vocus believes it is well placed to capitalise on LEO players wanting ground stations to keep latency low.

“These low latencies are dependent on the deployment of extensive ground infrastructure with high-capacity fibre backhaul, so processing and storage can occur as close to the edge of the network as possible. This means having ground stations in regional areas close to where the end-users are located, to minimise round-trip time,” Ackland said. “By now you should be starting to see why a fibre company is taking such a strong interest in LEO satellites.”

Ackland said the company’s controlled environment vaults (CEVs) could be upgraded to function as ground stations “all over the country”.

The other card Vocus has up its sleeve, according to Ackland, is the millimetre wave spectrum it gained in December alongside the likes of SpaceX Starlink, Field Solutions Group, WorldVu (OneWeb), Inmarsat, Viasat, O3B/SES, New Skies Satellites/SES, as well as Telstra, Optus, and NBN.

“Our fibre network provides the foundation to install many more CEVs and ground stations in the future as LEO satellite operators require them. And while we have the fibre, and we have the CEVs to establish ground stations, we now have another key asset to make our LEO satellite business a reality — the spectrum required to turn these CEVs into ground stations,” he said.

Ackland said there was a strong argument that LEO satellites could replace voice services in the bush, which he believes would remove the need for Telstra to hook up premises with copper lines under the Universal Service Obligation. The Vocus executive went further and questioned whether NBN should be investing in its loss-making regional networks.

“Wouldn’t it be more economically efficient to subsidise non-NBN services to ensure they’re set at a similar price to metropolitan equivalents, and for NBN to write off the losses? These are no longer questions that can be left for another day,” he said. “These are questions which need to be considered here and now, since LEO operators like Starlink are now offering commercial services.”

Even though Ackland said the LEO service is better than fixed wireless, and sometimes better than fibre to the node and HFC connectivity, he doesn’t believe the world will switch completely.

“They will provide a viable alternative in many instances where latency meant satellite could never have been considered,” Ackland said. “I should also make it clear that LEO satellites are not going to make NBN’s two Sky Muster satellites redundant overnight either.”

Vocus is using NBN business satellite services to complement its terrestrial footprint when providing connectivity to the likes of the Australian Bureau of Meteorology (BoM). In March, the Bureau called on the federal government to have its own satellite capability.

“All satellite data used by the Bureau is received from international partners … this arrangement has worked well but access to this data is not guaranteed into the future,” BoM said. “In recent years there has been an exponential growth in commercial satellite data providers offering new business models, resulting in potential threats and opportunities in the space industry. In the future, this may pose a risk to the volume of data the Bureau can access if current arrangements for the free and open exchange of international satellite data are reduced.”

The Bureau recently added to its wishlist, floating the idea of running a subsea cable to Antarctica and improving satellite connectivity to its weather stations.

Earlier this week, Vocus was part of the launch of space communications startup Quasar, which is looking to provide ground stations as a service via electronically steered phased array technology.

“This technology emulates the behaviour of a traditional parabolic antenna, but no longer requires the antenna to mechanically track satellites across the sky,” Ackland explained. “As a result, Quasar’s technology is able to connect to hundreds of satellites at once, managing connections through time slots for uplink and downlink activity.

“One thing which excites me about our work with Quasar is that it’s an Australian company, backed by Australian funding, developing a sovereign Australian capability in the modern-day space race.”

Suicide prevention body calls for gambling platform data-sharing practices to be reined in

Suicide Prevention Australia has asked the federal government to do more to regulate the gambling industry, particularly when it comes to the behind-the-scenes data-sharing arrangements betting platforms have with one another.

The Senate Standing Committees on Environment and Communications is currently looking into the online gambling space. The focus of the inquiry is the amendments to the Interactive Gambling Act 2001 that would prevent interactive gambling service providers from accepting payments by credit card, creating a criminal offence and civil penalty provision for those that do so, to be overseen and enforced by the Australian Communications and Media Authority (ACMA).

But in its submission [PDF] to the inquiry, Suicide Prevention Australia has highlighted that simply blocking credit card use is not enough to curtail the domino effects a gambling problem can have.

“While we welcome the reforms in this amendment, we believe the Commonwealth government should go further in reducing potential harms to the lives of Australians who engage in interactive gambling,” it wrote.

The organisation shared with the committee the findings of a roundtable it hosted in October.

“Our roundtable identified the need for greater regulation of the gambling industry across jurisdictions in Australia. In particular, the need for restrictions on gambling companies’ use of personal information to target gamblers by offering incentives to gamble,” it said.

Suicide Prevention Australia said that betting companies share client data among each other.

“For example, when a client ceases gambling with one company, the company trades client lists with another company who then offers targeted incentives or enticements to the person so they begin gambling again with a new company,” the submission explained.

This alarming practice was detailed by the ABC in an article it published last year, which shared the experience of an Australian man who had closed a betting account only to be wooed back in by special treatment and VIP status. He also received unsolicited calls from a competing betting platform when his account with the first was frozen.

“The issue of data sharing and incentives has a significant impact on Australians who gamble, as problem gamblers are being actively incentivised to resume their problematic behaviours, which can extend to resuming other forms of gambling, eg electronic gaming machines,” Suicide Prevention Australia said. “Gambling companies are further not required to conduct financial risk assessments on clients prior to opening an account with the company.”

To that end, it has asked the committee to consider its recommendation to strengthen privacy regulations for people who gamble, to prohibit companies from sharing or selling client contact data within the industry.

The organisation also called for more to be done around advertising regulation, pointing to a study commissioned by the Victorian Responsible Gambling Foundation on young men and their gambling behaviours that found, on average, participants had four separate accounts with online betting companies. It said the report also found gambling uptake was driven by promotions from betting companies.

In its submission [PDF], the ACMA said the potential benefits of banning the use of credit cards for online gambling domestically needed to be balanced against the risk of consumers moving their gambling activities to offshore providers.

It noted that illegal offshore gambling services often allow consumers to use Australian credit cards to deposit money into their accounts.

“We have observed that these illegal gambling providers are increasingly using third party payment processors to mask their gambling services and the MCC [merchant category code] can reflect services other than gambling,” it wrote. “This can make it difficult for credit card providers, or indeed those potentially charged with regulatory oversight, to identify the illegal activity and take disruptive action.”

The providers of these illegal offshore services are typically located in jurisdictions with limited regulatory oversight and minimal or no consumer protections, it added.

IF YOU OR ANYONE YOU KNOW IN AUSTRALIA NEEDS HELP, CONTACT ONE OF THESE SERVICES:

Suicide Call Back Service on 1300 659 467
Lifeline on 13 11 14
Kids Helpline on 1800 551 800
MensLine Australia on 1300 789 978
Beyond Blue on 1300 22 46 36
Headspace on 1800 650 890
QLife on 1800 184 527

Qualcomm chip vulnerability found in millions of Google, Samsung, and LG phones

Millions of phones across the globe were affected by a vulnerability found within a ubiquitous Qualcomm chipset, according to researchers with Israeli cybersecurity firm Check Point.

Check Point’s Slava Makkaveev published a blog post on Thursday highlighting a security flaw in Qualcomm’s Mobile Station Modem Interface “that can be used to control the modem and dynamically patch it from the application processor.”

“An attacker can use such a vulnerability to inject malicious code into the modem from Android. This gives the attacker access to the user’s call history and SMS, as well as the ability to listen to the user’s conversations,” Makkaveev wrote. “A hacker can exploit the vulnerability to unlock the SIM, thereby overcoming the limitations of the service providers imposed on the mobile device,” he added, explaining that the Qualcomm Mobile Station Modem Interface enables the chip to communicate with the operating system found within the smartphone.

The Check Point report noted that the Qualcomm Mobile Station Modem Interface can be found in an estimated 30% of all smartphones in the world today. Thankfully, the company notified Qualcomm of the vulnerability in October, which then tracked it as CVE-2020-11292 and labeled it a “high rated vulnerability.” Patches were sent to smartphone makers in the fall of 2020, according to a Qualcomm statement sent to multiple outlets including The Record and Bleeping Computer.

The chip has been in cellphones and smartphones since the 1990s and has been continuously updated over the years to support the transitions from 2G to 3G, 4G, and now 5G. Samsung, Xiaomi, Google, and OnePlus are just a few of the smartphone brands leveraging the chip.

Setu Kulkarni, vice president of strategy at WhiteHat Security, said this was one of many examples of the “supply chain” nature of the problem plaguing mobile phone vendors, Qualcomm, the Android OS, and the apps on the Play Store.

“Making it all work together requires careful synchronization in terms of versions and supported capabilities between the mobile phones, the chipset, the OS, and the apps — and that’s where the cracks are for vulnerabilities to slip through,” Kulkarni said. “Especially since there is no one throat to choke in these kinds of issues.”

Even though Qualcomm has patched the issue, Kulkarni questioned who is holding the other parties in the ecosystem to account for the issue. The proliferation of Android-based devices presents a scalability challenge in deploying the fix, and at the same time end-users are completely unable to understand the issue, Kulkarni added.

“Which customer will understand the issue in the chipset? One may wonder, is that why Apple is increasingly becoming a closed ecosystem? With control over the device, the chipset, the OS, and the highly regulated App Store — does Apple stand a better chance to protect its customers in such events? Time will tell,” Kulkarni explained.

Cisco publishes solutions to SD-WAN and HyperFlex software security vulnerabilities

Cisco released software updates this week addressing multiple vulnerabilities the company says “could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application.”

A variety of security lapses were found in Cisco’s SD-WAN vManage Software and in the web-based management interface of HyperFlex HX, all of which required software updates. Cisco said in a statement that there were no workarounds that address these vulnerabilities.

The company published detailed breakdowns of each vulnerability, highlighting specific issues revolving around SD-WAN vManage Cluster Mode Unauthorized Message Processing, Privilege Escalation, Unauthorized Access, vManage Denial of Service, and Unauthorized Services Access. The vulnerabilities allow authorized and unauthorized users to send unauthorized messages to the vulnerable application, gain elevated privileges, make application modifications, or cause a DoS condition on affected systems. Software updates were also released to address security gaps with Cisco’s HyperFlex HX Installer Virtual Machine Command Injection and the Data Platform Command Injection.

Cisco’s Product Security Incident Response Team said it was not aware of any “malicious use of the vulnerabilities” yet for either product. Many of the vulnerabilities listed only affect Cisco SD-WAN vManage Software that is operating in a cluster, and users can determine whether their software is operating in cluster mode by checking the Administration > Cluster Management view in the Cisco SD-WAN vManage web-based management interface.

The company has sent out multiple updates to address new vulnerabilities over the past few months. Oliver Tavakoli, CTO at cybersecurity firm Vectra, said the drumbeat of vulnerability disclosures against Cisco’s SD-WAN product line actually has a silver lining: most of the reported vulnerabilities are being discovered by Cisco engineers during what appears to be a period of concentrated security testing.

“While we all want perfect software, vendors who find and fix security vulnerabilities before in-the-wild exploits against them are reported should be encouraged to continue on this journey. The key measure of success will ultimately be when high and critical vulnerabilities for this product line gradually slow to a trickle,” Tavakoli said.

JupiterOne CMO Tyler Shields noted that there has been a recent spike in exploit disclosures for SD-WAN, VPN, and other network-based technologies. He said this is due, in part, to the impact of the pandemic and an increase in network requirements for remote offices and work-from-home scenarios. Shields added that discovery of exploits tends to cluster over time, and said he expects additional network technology-based exploits to be disclosed as hackers continue to target those types of devices.

Dirk Schrader, global vice president of security research at New Net Technologies, echoed those remarks, telling ZDNet that because of their importance to the infrastructure, networking devices are, by nature, prime targets for cyber-criminals.

“Given the criticality of those vulnerabilities now patched by Cisco, it will be just a matter of time until the patch cycle race once again distinguishes between those ahead of the curve and those behind,” Schrader said. “Running a full-scale vulnerability scan on the organization’s infrastructure, both from an external point as well as from an internal one, is necessary to be ahead.”