Offensive Security: how we uncovered two Cisco WebEx vulnerabilities
15 January 2021
Offensive security should be part of your defence capabilities
When we shifted to distributed working, threat actors were quick to recognize the growing opportunity and potential payoff of exploiting vulnerabilities in collaboration and homeworking software and tools we were becoming increasingly dependent on. As the trend for remote working continues, cybercriminals are persistent in their attempts to disrupt business as usual, steal or damage company information by targeting vulnerable remote users and susceptibilities that exist within homeworking and teleconferencing tools.
As remote working increases, Cybercriminals are targeting vulnerabilities within homeworking and teleconference tools.
Two critical activities are becoming increasingly important to cybersecurity teams who are resource-challenged and struggling to keep on top of new threats and vulnerabilities and should be added to your offensive security repertoire if not already, especially in the era of remote working.
A Red Team plays the role of a cybercriminal to test what vulnerabilities and risks exist within a given organization’s people, processes, and technology. By enacting attack scenarios, security teams can identify how, with what, and where an organization can be compromised. This is especially critical as businesses adopt new technologies and services that support distributed remote working. It is a new state of operating for IT and Security Teams, certainly not business as usual, and as such, needs stress testing.
The Offensive Security Team at NTT Ltd. in Belgium leverages Red Teaming to help our clients and partners in this exact way. We recently discovered multiple issues within Cisco Webex, which we discuss in detail via our detailed Technical Briefing Document. All issues were zero-day vulnerabilities and officially reported to Cisco.
A Red Team plays the role of a cybercriminal, to identify how an organization can be compromised.
If you need any help in understanding or mitigating these vulnerabilities, you can get in touch with our Red Team who will be happy to help.
Threat Intelligence Sharing
At NTT Ltd. we firmly believe that intelligence is power and an increasingly critical part of offensive security strategies. It is impossible for a Security Team to Red Team test every possible scenario, especially considering the workload strain security professionals are already under.
When NTT’s Offensive Security and Digital Forensics and Incident Response Teams identify a threat or vulnerability, like those above, we share the intelligence with our partners and our own Global Threat Intelligence Center, who then publish it for our clients and the broader threat intelligence community. Threat actors are already incredibly good at this and it's part of why they’re so agile and successful.
NTT’s Global Threat Intelligence Center offers two free services that help security teams stay on top of it all:
- Emerging Threat Advisories provide security professionals with visibility of emerging threats and vulnerabilities identified before or as they are being actively exploited in the wild. This free subscription service is a sample of what our Managed Security Services clients receive directly from Analysts in our Security Operations Centers.
- In our Monthly Threat Report our Security Analysts share their reflections, insights, and examinations on the key cybersecurity happenings from around the world. They cover a wide range of topics including the latest threats, vulnerabilities, security technologies, patterns, and new methods used by threat actors, as well as industry-related security issues from the past month.
If you need any assistance dealing with the vulnerabilities identified in this article or you would like to start a conversation with NTT Ltd. about our Red Team Services, or Threat Intelligence Capabilities, please don’t hesitate to reach out to us.