Malware Creators Monitor You Removing Their Malicious Code

The Australian Signals Directorate (ASD) recently issued a warning regarding a malicious implant called “BADCANDY.” This malware targets unpatched Cisco IOS XE devices. Attackers exploit a critical vulnerability known as CVE-2023-20198, which has a CVSS severity rating of 10.0, allowing unauthorized access through the web user interface of Cisco’s software.

Understanding the Threat Landscape

The ASD’s advisory highlights that unknown actors are actively scanning for vulnerable Cisco devices, specifically those that have not been patched against this flaw. Once a BADCANDY implant has been detected and removed, the attackers can observe that removal and reinstall their malware if they choose.

Impact of Rebooting

  • Rebooting an infected device will remove BADCANDY.
  • However, this action does not undo any changes made by the threat actor.
  • Rebooting may alert attackers, prompting them to intensify their efforts.

The ASD emphasizes the urgency for organizations to patch their systems against CVE-2023-20198 to avoid the risk of re-exploitation by these attackers.

Recent Cybersecurity Incidents

In a related development, a former defense contractor executive, Peter Williams, pleaded guilty to selling proprietary exploits to a company linked to the Russian government. Williams, who worked for L3Harris in Washington, D.C., sold software components designed for national security purposes.

Details of the Case

  • Williams acknowledged two counts of theft of trade secrets.
  • He was promised up to $4 million in cryptocurrency for his services.
  • Proceeds from his crime, approximately $1.3 million, were used for luxury goods and a house in D.C.

Each charge he faces carries a potential sentence of 10 years. The Department of Justice has recommended a total of 11 years and three months in prison based on his cooperation.

Staying Vigilant Against Malware

The rise of malware like BADCANDY and incidents involving insider threats underline the importance of cybersecurity vigilance. Entities must ensure their systems are updated and that employees are trained to recognize potential threats.

Implementing robust security measures, such as regular patching and employee education, can protect against such vulnerabilities and malicious activities.
