Welcome to the Cyber Watch series for today, December 22, 2023. At DigitalXForce, our Cyber Intelligence team curates a list of the latest cybersecurity news to keep you informed of stories that matter every week.
This week’s Cyber Watch top 10 list is a compilation of stories from 50+ relevant news sources across the web – all ranked according to the risk impact. We encourage you to review these stories and take steps to protect your organization. Click on each headline to read the full story.
The Cybersecurity and Infrastructure Security Agency (CISA) has released a detailed advisory titled “Enhancing Cyber Resilience,” presenting key findings and recommendations from a recent Risk and Vulnerability Assessment (RVA) in the healthcare and public health (HPH) sector. The advisory caters to organizations of all sizes within the HPH space and other critical infrastructure sectors.
In this strategic guidance, CISA not only highlights potential vulnerabilities identified during the RVA but also provides actionable mitigation strategies. The emphasis is on three overarching strategies: Asset management and security, Identity management and device security, and Vulnerability, patch, and configuration management. Each strategy is accompanied by specific focus areas and detailed steps for implementation.
In an unprecedented coordinated effort, police from 34 countries collaborated in Operation HAECHI IV, resulting in the arrest of 3500 individuals and the seizure of assets valued at $300 million. The operation, conducted by Interpol from July to December, focused on seven major cybercrime categories, including voice phishing, romance scams, and business email compromise fraud.
The staggering sum of $199 million in hard currency and $101 million in virtual assets was confiscated, underscoring the economic impact of transnational organized crime. Interpol’s Global Rapid Intervention of Payments (I-GRIP) played a pivotal role, allowing authorities to freeze suspicious bank accounts across borders.
The operation unveiled emerging digital fraud practices, leading to the issuance of two “purple notices.” One warned of a Korean NFT scam promising exorbitant returns, while the other highlighted the use of AI and deep fake technology to enhance the credibility of scams, enabling criminals to disguise their identities.
Notably, AI-generated synthetic content was implicated in cases reported by the UK, where criminals used voice cloning technology to impersonate known individuals. Investment fraud, business email compromise, and e-commerce fraud constituted 75% of the investigated cases.
The financial fallout from major cyberattacks continues to climb steeply, new data published today reveals. Consultancy firm S-RM’s annual cybersecurity report polls hundreds of decision-makers at large organizations on emerging online threats. Their findings underscore the struggle to keep up with the breakneck pace of malicious cyber activity.
The average cost of a single serious security breach now stands at a staggering $1.7 million – an 11% jump over 2022. For exposed companies without cyber insurance, this balloons to an even more daunting $2.7 million per incident on average. The main drivers range from business disruption during recovery to swollen insurance premiums after a claim.
And yet, IT security budgets expanded by just 3% this year among surveyed firms. S-RM warns that chronic underinvestment leaves dangerous gaps in risk protection. The most cited internal vulnerabilities include managing hybrid remote working, limited staff training on threats, and a deficient understanding of rapidly evolving cybercrime tactics.
Cybersecurity analysts have detected opportunistic hackers reviving dated weaknesses in popular business software to covertly compromise enterprise networks. Research revealed that phishing emails carrying malicious Microsoft Office documents are the Trojan horse exposing systems across the world to information-stealing malware.
By persuading recipients to open Excel files attached to finance-themed messages, attackers have victims unwittingly trigger the exploitation of a memory vulnerability that has lain dormant in Office’s Equation Editor module since 2017. Running with the victim’s user privileges, malicious scripts concealed inside the documents can then download further specialist hacking tools without any additional action from the target.
One strain of malware, the data-pilfering Agent Tesla, is the endgame for attackers who wish to silently monitor the keystrokes and confidential activities occurring on breached devices. Capable of scraping login details or commercial secrets before smuggling data out to external servers, Agent Tesla poses severe reputational and financial risks to its victims.
A stark warning sounded for hospital cybersecurity chiefs recently – modern connectivity without adequate defense measures puts patient safety on the line. Medical tech security expert Patrick Maw grabbed the attention of industry peers at a London conference, highlighting the breakneck expansion of network-connected devices now administering care within our health services.
Everything from MRI scanners to insulin pumps and mobile test kits now plugs into hospital servers. While this enables unprecedented access to patient histories, it also hands opportunistic hackers a gateway to manipulate the devices and data that underpin vital diagnosis and treatment. Mr Maw warns that budget constraints leave many such products relying on outdated operating systems like Windows 7, which no longer receive security updates from vendors.
With over 140 organized cybercrime units known to be probing healthcare providers, it seems only a matter of time before another debilitating breach. Mr Maw reminds his audience how ransomware attacks left NHS facilities digitally crippled back in 2017. He advises that medical tech regulation must demand higher cybersecurity standards from device manufacturers. For hospitals, priorities include establishing network firewalls that quarantine exposed legacy equipment from the rest of the network.
A new and alarming phishing campaign has emerged, strategically impersonating a ‘copyright infringement’ email to deceive Instagram users. The deceptive messages falsely claim users have violated intellectual property laws, resulting in imposed account restrictions. In a bid to appeal this supposed decision, recipients are urged to click on a provided button, unwittingly redirecting them to sophisticated phishing pages.
The phishing campaign poses a grave threat because it specifically aims to steal the backup codes that can be used to bypass two-factor authentication (2FA) on Instagram. 2FA is a fundamental security layer requiring additional verification during login, significantly enhancing the overall security of user accounts.
The attackers exploit users’ fears of copyright infringement consequences, creating a sense of urgency to click and appeal. Once on the phishing pages, users are prompted to enter sensitive account details, including the crucial backup codes.
The National Security Agency (NSA) achieved a significant milestone by preventing 10 billion user connections to known malicious or suspicious domains, as highlighted in its annual report for 2023. This underscores the agency’s pivotal role in securing national security systems, including classified information vital to the US military, intelligence, and defense industrial base (DIB) entities.
The NSA is not only safeguarding classified systems but also actively contributing to public cybersecurity. The agency shares solutions through public guidance and collaborates with technology providers to enhance the security of their products and services. The report notes a remarkable 400% increase in the adoption of the NSA’s no-cost cybersecurity services by Department of Defense (DoD) contractors, with over 600 enrolled organizations, primarily consisting of small businesses.
In addition to preventing billions of malicious connections, the NSA released six security products in 2023, addressing threats to communications, the DIB, and information technology. The agency’s focus extends to vulnerability scanning improvements, tracking state-sponsored activities, and actively promoting the secure development and integration of artificial intelligence (AI) through its newly established AI Security Center.
In a recent cyber incident, HCL Technologies, a leading Indian IT consulting firm, reported a ransomware attack within an isolated cloud environment for a specific project. The company promptly informed investors and stakeholders, emphasizing that no discernible impact had occurred across its broader network. However, the incident triggered a comprehensive investigation, with the company collaborating closely with relevant stakeholders to identify the root cause and take corrective action.
HCL Technologies, currently the fourth-largest Indian technology company by market capitalization, assured that cybersecurity and data protection remain top priorities. Despite this assurance, the incident led to a temporary dip in the company’s share price, highlighting the market’s sensitivity to cybersecurity events. The incident aligns with a broader trend in India, which has been identified as the third most targeted country by cyberattacks.
In a significant cyber incident, Iran’s gas stations face disruptions as hacking group Gonjeshke Darande claims responsibility. The group, previously tied to Israel, emphasizes controlled actions to minimize civilian impact. The attack follows a pattern, as the group targeted Iran’s major steel company in June 2022, citing regional tensions as motivation.
Iran’s Oil Minister, Javad Owji, suggests potential outside interference as investigations unfold. This event raises concerns about the escalating cyber conflicts shaping geopolitical dynamics. The group’s assertion of a measured approach, sparing emergency services and leaving some stations unaffected, underscores the evolving tactics in cyber warfare.
As nations grapple with the blurred lines of state-sponsored cyber activities, this incident adds a new layer to the complex landscape of digital security and international relations. The impact on civilians and the resilience of critical infrastructure in the face of such attacks will likely drive discussions on global cybersecurity policies.
The Play ransomware group, also known as Playcrypt, has been targeting a range of enterprises and critical infrastructure across North America, South America, and Europe since June 2022. The Federal Bureau of Investigation (FBI), in collaboration with the Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), has issued a joint advisory to address the threat posed by Play ransomware.
As of October 2023, approximately 300 companies have reported falling victim to the Play ransomware attacks. The advisory aims to disseminate Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs) identified by the ransomware group.
The collaboration between the FBI, CISA, and ASD’s ACSC emphasizes the global nature of cyber threats and the need for coordinated responses to mitigate the impact. Play ransomware’s persistent targeting of enterprises and critical infrastructure underscores the evolving challenges faced by organizations in safeguarding their digital assets.
That’s all for today. Stay tuned for our next episode. See you next week!