Viasat Traces Outage to Exploit of VPN Misconfiguration – BankInfoSecurity.com


About 30,000 Modems Knocked Offline as Russian Forces Began Invasion of Ukraine

Viasat’s “KA-SAT Network cyberattack overview”

Tens of thousands of modems were knocked offline in central Europe at nearly the same time Russian forces invaded Ukraine on Feb. 24.


The outage affected infrastructure run by communications company Viasat, based in Carlsbad, California. Four days later, the company reported that it was investigating the outage, which it says affected “fixed broadband customers” (see: Russia May Have Caused Widespread Satellite Network Outage).

On March 17, the U.S. government warned that it is “aware of possible threats to U.S. and international satellite communication networks.” So far, neither the U.S. nor the Ukrainian government has attributed the attack to any individual or nation-state, although Russia or a close ally remain obvious suspects.

On Wednesday, Viasat published an update on its probe of the outage, which affected some users of the KA-SAT satellite communications, or SATCOM, network it operates. Specifically, it says attackers knocked offline approximately 30,000 residential broadband modems sold under the Tooway brand, and provided by Italy-based Skylogic, which is a subsidiary of French satellite operator Eutelsat.

“This cyberattack did not impact Viasat’s directly managed mobility or government users on the KA-SAT satellite,” Viasat says in its overview and incident report. “Similarly, the cyberattack did not affect users on other Viasat networks worldwide.”

Viasat, which provides the modems on a wholesale basis to distributors, says it has already shipped 30,000 replacement modems and that more are available if required. The company says the original modems were not destroyed or bricked, but rather knocked offline via a series of commands sent by attackers.

In some cases, distributors have been able to issue over-the-air updates to the modems that have brought them back online, Viasat says, “but where such updates are insufficient to timely restore functionality, new modems are being provided as the most efficient way to restore service.”

Viasat has hired digital forensics investigation firm Mandiant to probe the attack and says it and Eutelsat/Skylogic are assisting an ongoing, international law enforcement and cybersecurity agency investigation into the attack.

Attackers Exploited VPN Misconfiguration

The network disruption began Feb. 24 at 5:02 a.m. local time in Ukraine, when Viasat says “high volumes of focused, malicious traffic” began to be issued by two of the Skybeam modems sold under the Tooway brand, which were part of the Skylogic network and supported via a consumer-focused network segment. It says the denial-of-service attack made it difficult for other modems to connect, after which they were forced offline.

On March 15, Ukrainian cybersecurity official Viktor Zhora told reporters the disruption was “a really huge loss in communications in the very beginning of war,” as Reuters reported of his press conference.

Source: FBI and U.S. Cybersecurity and Infrastructure Security Agency security alert – March 15, 2022: “Strengthening Cybersecurity of SATCOM Network Providers and Customers”

Viasat’s Wednesday update provides a closer look at what happened.

“Subsequent investigation and forensic analysis identified a ground-based network intrusion by an attacker exploiting a misconfiguration in a VPN appliance to gain remote access to the trusted management segment of the KA-SAT network,” Viasat says.

“The attacker moved laterally through this trusted management network to a specific network segment used to manage and operate the network, and then used this network access to execute legitimate, targeted management commands on a large number of residential modems simultaneously,” it adds. “Specifically, these destructive commands overwrote key data in flash memory on the modems, rendering the modems unable to access the network, but not permanently unusable.”

‘Less Sophisticated Than Expected’

One takeaway from the new breach report is that the attack was “significantly less sophisticated than expected, and required less preparation than assumed,” says Thomas Rid, a professor of strategic studies at Johns Hopkins University.

Namely, the attack involved “no supply chain compromise, no modified firmware, no irreparable damage,” he tweets.

A Viasat official says the company continues to defend against active attempts to further disrupt its network.

“We’re still witnessing some deliberate attempts,” the official, speaking on condition of anonymity, told Reuters on Tuesday.

Viasat has new defenses in place, and attackers continue to try to work around them. “We’ve been seeing repeated attempts by this attacker to alter that pattern to test those new mitigations and defenses,” the company official told Reuters.

No Attack Attribution – Yet

No government has yet attributed the attacks.

On Friday, The Washington Post quoted unnamed U.S. officials who said they suspected that Russian military intelligence officers were behind the disruption.

But attribution remains a political exercise, and governments typically only attribute attacks when it’s advantageous to do so.

Source: https://www.bankinfosecurity.com/viasat-traces-outage-to-exploit-vpn-misconfiguration-a-18815
