[Warning] Attacks targeting PHP vulnerabilities have increased by about 10 times since June 7th! Be careful not to access the dark web carelessly.
Cyber Security Cloud, Inc. (Headquarters: Shinagawa-ku, Tokyo; Representative Director, President and CEO: Toshihiro Koike; hereinafter referred to as "CSC"), a global security company, has confirmed in a survey of over 24,000 websites in Japan that cyber attacks targeting the PHP CGI vulnerability (CVE-2024-4577) have increased sharply since June 7. We are issuing a warning about a vulnerability that requires immediate attention and about careless access to the dark web, and we explain measures to avoid becoming a victim as well as the dangers of the dark web.
Summary
・Attacks targeting PHP vulnerabilities have increased tenfold since June 7th!
・Be careful about inadvertent access to the dark web
[Attacks targeting PHP vulnerabilities have increased tenfold since June 7th!]

▲Changes in the number of attacks detected by our company
According to research, attacks exploiting the PHP vulnerability (CVE-2024-4577) have increased dramatically since June 7th. Up to 10 times more attacks have been detected compared to the average for the past three months, putting many websites at risk of attack. The existence of malware exploiting this vulnerability has also been confirmed, and it is not surprising that damage has already occurred in the form of ransomware. Corporate websites and websites that handle personal information must not ignore the vulnerability and must take immediate action.
■ What is the PHP vulnerability (CVE-2024-4577)?
This is an issue in PHP CGI mode that allows an attacker to execute arbitrary code using specific input. This occurs because PHP does not properly handle input values, and affects all PHP versions that run on Windows OS. By exploiting this vulnerability, an attacker can execute commands on the server remotely, potentially causing serious damage to the system. As a countermeasure, it is recommended to update to the latest version of PHP.
PHP: PHP is a programming language that is primarily used to create dynamic web pages. For example, when a user logs in, PHP is used to dynamically generate a page that displays information about that user.
CGI (Common Gateway Interface): CGI is a mechanism for web servers to communicate with external programs such as PHP. For example, when a user enters information on a website and submits it, CGI is used to process that information on the server side.
[Be careful about inadvertent access to the dark web]
Recently, the existence of the dark web has been increasingly featured in the news, and we have seen cases of people carelessly accessing the dark web. This is a very dangerous act. Therefore, we would like to inform you about the dangers of the dark web.
■ What is the Dark Web?
It is a part of the internet that cannot be reached through typical search engines. Access requires specific software, configuration and authentication, and the network is designed to provide anonymity.
■ Common misconceptions and warnings about the dark web

There are many misconceptions about the dark web, but it is a very dangerous place and we do not recommend that general users access it casually. Please understand the risks and make safety your number one priority.
Safety Misconceptions:
The dark web has a wide variety of content, including many sites designed to attack users. Accessing it carelessly increases the risk of personal information being leaked or of malware infection.
Confusing legal and illegal:
While there are some legitimate uses, there is a lot of illegal trading and activity going on, and careless access could unintentionally involve you in a crime.
Anonymity misconceptions:
Many people may think that the dark web is completely anonymous, but in reality, there is advanced surveillance technology and there is a risk of being tracked. Also, downloading leaked data carelessly can lead to profits for criminal groups, so you should never purchase or download data out of curiosity.
■ Three measures that companies should take, as proposed by our CTO, Yoji Watanabe

1. Technical measures
As a technical measure, the first step is to introduce security products and implement measures to prevent intrusions. It is also important to list and visualize as many measures as possible that need to be implemented. Since it may not be possible to implement all measures immediately, start with the minimum number of measures that can be implemented. By repeatedly discussing within the company which measures can be implemented, you can also reaffirm the problems with cybersecurity measures.
<Examples of technical measures>
Install anti-virus software on PCs, deploy IDS/IPS, deploy a WAF
Update software in use periodically, carry out security assessments
Build systems with attention to not exposing vulnerabilities
2. Physical measures
Physical measures refer to measures against physical factors such as theft and disasters.
I don't know if it can actually happen, but let's assume the worst and take measures.
<Examples of physical measures>
Installation of security cameras, thorough locking of employee desks, thorough locking of offices, management of entry and exit records
Introduction of biometric authentication system, reinforcement of earthquake resistance, introduction of earthquake-resistant equipment
3. Personnel measures
Personnel measures are measures that set rules for security. In addition to setting rules, it is also important to hold briefing sessions and other training to ensure that employees comply with them.
<Examples of personnel measures>
Restrictions on taking work home, rules for password management, and education about targeted emails
Implementation of security education, determination of communication and reporting system in the event of an incident
Safety can be further improved by implementing all three kinds of measures: technical, physical, and personnel.
■ We will give priority to those who are worried about being victims of cyber attacks.
https://go.shadan-kun.com/ksk/campaign/2022/202207_emergency
About Cyber Security Cloud, Inc.
Company name: Cyber Security Cloud, Inc.
Address: 13F JR Tokyu Meguro Building, 3-1-1 Kami-Osaki, Shinagawa-ku, Tokyo 141-0021
Representative: Toshihiro Koike, Representative Director, President and CEO
Established: August 2010
URL: https://www.cscloud.co.jp
With the mission of "creating a cyberspace that people all over the world can use safely and securely," we are a Japanese security manufacturer that provides vulnerability information collection and management tools and fully managed security services for cloud environments, centered on web application security services that make full use of the world's leading cyber threat intelligence. As one of the global companies in cybersecurity, we will contribute to solving social issues related to cybersecurity and provide added value to society.