Welcome to the Cyber Watch series for today, September 29, 2023. At DigitalXForce, our Cyber Intelligence team curates a list of the latest cybersecurity news to keep you informed of stories that matter every week.
This week’s Cyber Watch top 10 list is a compilation of stories from 50+ relevant news sources across the web – all ranked according to the risk impact. We encourage you to review these stories and take steps to protect your organization.
According to Security Magazine, the Cybersecurity and Infrastructure Security Agency (CISA) has introduced the “HBOM Framework”, a comprehensive initiative designed to strengthen supply chain risk management across industries. This framework aims to mitigate vulnerabilities and bolster the resilience of supply chains, recognizing their critical role in national security and economic stability.
The HBOM Framework, which stands for Hardware Bill of Materials, provides organizations with a structured approach to identify and address supply chain risks associated with hardware components. It emphasizes transparency, traceability, and collaboration among stakeholders.
By adopting the HBOM Framework, organizations can enhance their ability to assess and manage supply chain risks effectively. CISA encourages public and private sector entities to integrate this framework into their risk management practices, fostering a more resilient and secure supply chain ecosystem.
A recent SC Media report reveals that the notorious BlackTech cyber-espionage group has executed a series of highly sophisticated attacks targeting multinational corporations, with a focus on infiltrating Cisco firmware, a critical component of many organizations’ network infrastructure.
Security experts have identified these attacks as part of a larger cyber espionage campaign orchestrated by BlackTech, known for its affiliation with a specific nation-state. Infiltrating Cisco firmware grants attackers an unparalleled level of access and control over a corporation’s network, enabling data theft, surveillance, and potential disruption of operations.
The attacks involve a combination of spear-phishing emails and exploiting previously undisclosed vulnerabilities in Cisco’s firmware. These tactics exemplify the level of expertise and resources at the disposal of the BlackTech gang.
As investigations continue, it is imperative for the global cybersecurity community to collaborate and share threat intelligence to stay one step ahead of such determined adversaries, safeguarding sensitive data and critical infrastructure from espionage and disruption.
Pension firms worldwide are grappling with a staggering surge in cyberattacks, with reported incidents skyrocketing by an astonishing 4,000%. This alarming trend has raised significant concerns about the security of financial institutions managing retirement funds and personal financial data. According to InfoSecurity Magazine, “Overall, financial services firms recorded a 242% increase in cyber-attacks leading to breaches – from 187 incidents to 640 over the same period”.
The attacks vary in sophistication, ranging from phishing attempts to advanced ransomware campaigns. Threat actors are increasingly targeting pension firms to gain unauthorized access to sensitive financial information, potentially putting retirees’ savings and personal data at risk.
Security experts attribute this exponential increase in attacks to several factors, including the growing value of financial data on the dark web and the vulnerabilities exposed during the shift to remote work. Additionally, the financial sector remains an attractive target for cybercriminals due to the potential for large financial gains.
In a significant cyberattack, the Mixin Network, a well-known cryptocurrency platform, has fallen victim to hackers who exploited vulnerabilities in its infrastructure. This breach highlights the relentless targeting of cryptocurrency platforms and the growing threat to digital assets.
According to Cybersecurity News, the attackers gained unauthorized access to the Mixin Network’s systems, resulting in the theft of a substantial amount of cryptocurrency assets. The exact extent of the breach is still under investigation, but initial reports suggest that millions of dollars worth of digital currencies have been siphoned off.
The Mixin Network is working diligently to mitigate the impact of the breach and enhance its security protocols. However, this event serves as a stark reminder that the cryptocurrency landscape is fraught with risks, necessitating constant vigilance and proactive cybersecurity strategies to safeguard digital assets from increasingly sophisticated threats.
CNBC reports that Caesars Entertainment, a major player in the hospitality and casino industry, paid a substantial ransom to cybercriminals just prior to the recent cyberattack on MGM Resorts. The incident underscores the alarming rise in ransomware attacks and the difficult decisions organizations face when confronted with the choice of paying the ransom or risking data exposure.
Caesars Entertainment, which operates numerous renowned casinos and hotels worldwide, reportedly paid a multimillion-dollar ransom to a cybercrime group that had compromised its systems. This payment was made to prevent the release of sensitive customer data and maintain the integrity of its operations.
The subsequent cyberattack on MGM Resorts, a separate entity in the same industry, suggests a potential connection between the two incidents. Cybersecurity experts are intensifying efforts to investigate the nature of this association and the broader implications for the hospitality sector.
According to a recent report by Cyber News, the National Security Agency (NSA) has published a comprehensive guide aimed at helping organizations and individuals defend against cyberattacks perpetrated by Chinese state-sponsored hacking groups. The guide offers invaluable insights into the tactics, techniques, and procedures employed by these threat actors, highlighting the growing urgency of countering nation-state cyber threats.
Chinese state-sponsored hackers have been consistently targeting routers and network infrastructure to infiltrate organizations and governments globally. These attacks pose severe risks, from data theft and espionage to network disruptions and potential control of critical systems.
The NSA’s guide provides practical recommendations for enhancing router security, including regular firmware updates, strong password policies, and network segmentation. It emphasizes the importance of network hygiene and vigilance in detecting and mitigating intrusions.
Cisco, a global leader in networking technology, has issued an alert regarding ongoing attempts to exploit a zero-day vulnerability in its widely used IOS (Internetwork Operating System) software. This revelation has raised concerns about the potential for widespread cyberattacks targeting critical network infrastructure.
According to a Security Week report, the zero-day exploit, which takes advantage of an unpatched vulnerability in Cisco’s IOS software, enables threat actors to gain unauthorized access to network devices. Once compromised, these devices can be manipulated to facilitate data breaches, espionage, or even network disruptions.
Security experts emphasize the severity of this threat, as Cisco’s IOS is deployed in a myriad of critical infrastructure settings, including government agencies, healthcare institutions, and corporate networks. The urgency of addressing this vulnerability cannot be overstated. Cisco is actively working to develop a patch to rectify the issue. In the interim, network administrators are urged to implement mitigation measures and closely monitor their systems for any signs of intrusion.
The Philippines’ state health insurer, the Philippine Health Insurance Corporation (PhilHealth), is currently in the throes of a crippling ransomware attack that has severely disrupted its operations. This incident highlights the persistent and evolving threat of ransomware targeting critical institutions worldwide.
According to a recent report by The Record Media, the ransomware attack, believed to be a variant of the notorious Conti ransomware, has rendered numerous PhilHealth systems inaccessible and compromised sensitive data. This disruption has had significant repercussions on the delivery of healthcare services and the protection of patients’ personal information.
PhilHealth has not disclosed whether it intends to pay the ransom, a contentious issue in the fight against ransomware. Such attacks pose a difficult dilemma for organizations, as yielding to ransom demands can encourage cybercriminals while refusing can result in data leaks and further damage.
Recently, The Hacker News published a report on the current state of attacks aimed at the Ukrainian military. According to the report, Ukraine’s military forces are currently grappling with a surge in targeted phishing attacks, a development that has raised significant national security concerns. These attacks come at a time of heightened geopolitical tensions and underscore the persistent threat of cyberattacks on critical infrastructure.
The Ukrainian military has reported a significant increase in spear-phishing attempts aimed at compromising its networks and stealing sensitive information. These attacks are believed to be the work of nation-state actors seeking to gather intelligence and potentially disrupt military operations.
Ukraine has been a frequent target of cyberattacks, particularly in the context of its ongoing conflict with Russia. The current surge in phishing attempts serves as a stark reminder of the evolving cyber threats faced by nations and the critical importance of bolstering cybersecurity measures to safeguard national security interests.
A significant data leak has struck Darkbeam, a prominent cybersecurity firm specializing in dark web intelligence, exposing the sensitive information of millions of individuals. This incident sheds light on the irony of a cybersecurity company falling victim to a data breach and the broader implications for data privacy.
According to a recent Cyber News report, the exposed data includes personally identifiable information (PII), financial records, and even login credentials belonging to both private individuals and corporate entities. Cybersecurity experts are expressing deep concern over the magnitude of this breach, given Darkbeam’s role in tracking cyber threats.
Darkbeam is actively working to mitigate the impact of the breach, notifying affected parties, and enhancing its security measures. However, the incident underscores the critical need for organizations, regardless of their cybersecurity expertise, to remain vigilant and invest in robust security practices to safeguard sensitive data.
That’s all for today. Stay tuned for our next episode. See you next week!