MITRE BREACH JAN 2024 - CHRONOLOGY AND RECOMMENDATIONS



1. Introduction. MITRE Corporation was one of over 1700 organizations compromised by a state-backed hacking group in January 2024. The attack chained two zero-day vulnerabilities in Ivanti Connect Secure VPN appliances. Details are as under:-

(a) The breach was discovered after suspicious activity was noticed on MITRE’s Networked Experimentation, Research, and Virtualization Environment (NERVE), prompting the organization to take NERVE offline and launch an investigation.

(b) The breach involved two zero-day vulnerabilities: an authentication bypass (CVE-2023-46805) and a command injection (CVE-2024-21887). Chained together, the first lets an unauthenticated client reach an internal endpoint and the second lets it run commands on the appliance through that endpoint. This allowed the threat actor to bypass multi-factor authentication defences and move laterally through the compromised network using a hijacked administrator account.

(c) The attackers deployed webshells and backdoors to maintain access to compromised systems and harvest credentials. The scale and severity of the campaign prompted the Cybersecurity and Infrastructure Security Agency (CISA) to issue Emergency Directive 24-01 on 19 January 2024, ordering federal agencies to apply Ivanti's mitigations and hunt for compromise.
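The chain in (b) leaves a recognisable footprint in the appliance's web access log: a request that walks out of an unauthenticated path (the bypass) followed, from the same client, by a request carrying shell metacharacters (the injection). The script below is an added example written for this note; it is not MITRE's, Ivanti's or CISA's code. The log lines, endpoint paths and ten-minute window are constructed for illustration and are not the real Ivanti endpoints or published indicators of compromise.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access-log lines (combined log format). Not real traffic and
# not the real Ivanti endpoints; the paths are placeholders for this example.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Jan/2024:08:01:12 +0000] "GET /api/v1/status HTTP/1.1" 200 512
203.0.113.7 - - [10/Jan/2024:08:02:30 +0000] "GET /api/v1/public/../../private/config HTTP/1.1" 200 2048
203.0.113.7 - - [10/Jan/2024:08:02:41 +0000] "GET /api/v1/license/check/;id HTTP/1.1" 200 128
10.0.0.5 - - [10/Jan/2024:08:03:00 +0000] "POST /login HTTP/1.1" 302 0
198.51.100.9 - - [10/Jan/2024:09:15:00 +0000] "GET /api/v1/public/../../private/config HTTP/1.1" 403 0
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$'
)
# Dot-dot segments, raw or URL-encoded, that walk out of an unauthenticated path.
TRAVERSAL_RE = re.compile(r'(^|/)\.\.(/|$)|%2e%2e', re.IGNORECASE)
# Shell metacharacters, raw or URL-encoded, inside the request path.
CMD_INJECT_RE = re.compile(r'[;|`$]|%3b|%7c|%60|%24', re.IGNORECASE)


def parse_line(line):
    """Parse one combined-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    req = m.groupdict()
    req['ts'] = datetime.strptime(req['ts'], '%d/%b/%Y:%H:%M:%S %z')
    req['status'] = int(req['status'])
    return req


def classify(req):
    """Tag a parsed request as 'traversal' and/or 'cmd_inject' (empty set if clean)."""
    tags = set()
    if TRAVERSAL_RE.search(req['path']):
        tags.add('traversal')
    if CMD_INJECT_RE.search(req['path']):
        tags.add('cmd_inject')
    return tags


def find_chains(log_text, window=timedelta(minutes=10)):
    """Return one finding per command-injection request that was preceded, from the
    same client and within `window`, by a traversal request the server answered
    with a 2xx status (i.e. the bypass apparently worked)."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        req = parse_line(line)
        if req:
            by_ip[req['ip']].append(req)

    findings = []
    for ip, reqs in by_ip.items():
        reqs.sort(key=lambda r: r['ts'])
        bypass_times = [r['ts'] for r in reqs
                        if 'traversal' in classify(r) and 200 <= r['status'] < 300]
        for r in reqs:
            if 'cmd_inject' not in classify(r):
                continue
            # Only pair the injection with a bypass that came before it.
            if any(timedelta(0) <= r['ts'] - t <= window for t in bypass_times):
                findings.append({'ip': ip, 'ts': r['ts'], 'path': r['path']})
    return findings


if __name__ == '__main__':
    for f in find_chains(SAMPLE_LOG):
        print(f"{f['ts'].isoformat()} {f['ip']} chained bypass + injection: {f['path']}")
```

Run against the constructed sample it reports only 203.0.113.7; 198.51.100.9 attempted the traversal but received a 403, so no chain is raised. The metacharacter pattern will also fire on legitimate query strings that contain `|` or `$`, so in production tune it to the endpoints the vendor's advisory names. Because an attacker who has command execution on the appliance can edit its local logs, the logs must be forwarded to a collector the appliance cannot write back to before a rule like this is trustworthy.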


2. Actions Post Breach Discovery. After discovering the breach, MITRE took NERVE offline and initiated an investigation with both in-house and external cybersecurity experts. Taking the affected network offline limited the attacker's ability to use it as a pivot while the investigation ran. MITRE itself acknowledged that it had followed vendor and government guidance to upgrade, replace and harden its Ivanti system, but did not detect the lateral movement into its VMware infrastructure, which is why the recommendations below centre on assuming that a perimeter device will be compromised.


3. Recommendations. In response to the breach, MITRE highlighted the need for organizations to adopt more sophisticated cybersecurity measures and outlined four key recommendations, which are as under:-

(a) Advance Secure by Design Principles

(b) Operationalize Secure Supply Chains

(c) Deploy Zero Trust Architectures

(d) Adopt Adversary Engagement


Taken together, these recommendations move security effort earlier (into product design and the supply chain) and assume breach (zero trust limits what a hijacked VPN session or administrator account can reach; adversary engagement places decoys and instrumentation where an intruder moving laterally will encounter them). They are layered deliberately: no single one would have stopped an attacker who already held a zero-day for the perimeter device.


4. Conclusion. The MITRE breach is a reminder of the ongoing threat posed by cyber adversaries and of the need for organizations to continually enhance their defences. That an organization of MITRE's maturity was compromised through a patched-and-hardened perimeter appliance underscores the importance of vigilance beyond the perimeter, of proactive security measures, and of strategic partnerships to defend against sophisticated cyber threats.




