Cyber Risk Update 10 FEB 2023

Threat Actors

• Multiple Agencies have warned that a global ransomware campaign targeted VMware servers, exploiting a software vulnerability. The patch to the vulnerability was released by VMWare two years ago. https://www.reuters.com/world/europe/italy-sounds-alarm-large-scale-computer-hacking-attack-2023-02-05/

Local Governments Under Attack

• Tehama County officials have issued a warning that they had received an email asking for payment. The county advised those who received the email not to respond to it and refrain from providing any information. https://www.govtech.com/security/california-county-issues-warning-after-phishing-attempt

• Modesto police computer network hobbled by ransomware attack https://www.modbee.com/news/local/article272300678.html

• City of London on High Alert After Ransomware Attack https://www.infosecurity-magazine.com/news/city-of-london-high-alert/

• Only 20% of the victims had approached law enforcement about their attacks. https://www.wsj.com/articles/christopher-wray-tries-to-thaw-fbis-frosty-relationship-with-business-11675911906

Cybersecurity Industry

• The U.S. Still Needs Cybersecurity Pros Despite All the Tech Layoffs https://news.clearancejobs.com/2023/01/27/the-u-s-still-needs-cybersecurity-pros-despite-all-the-tech-layoffs/

• Cyberskills gap to widen during economic downturn https://www.csoonline.com/article/3686470/economic-headwinds-could-deepen-the-cybersecurity-skills-shortage.html

• Corporate boards struggle to understand cybersecurity and digital transformation. They consider cyber and data security as their most challenging issue. https://www.cybersecuritydive.com/news/corporate-boards-cybersecurity-digital-transform/642062/

• The rapidly growing body of data regulation calls for organizations to have robust data governance programs, and that starts with a cross-functional team that develops a data governance framework. https://www.itprotoday.com/analytics-and-reporting/case-strong-data-governance-program-2023

Awareness

• Mindset shifts get staff thinking about online risks. Three mindset shifts will help employees build a habit of vigilance and make better security decisions. https://www.darkreading.com/operations/are-your-employees-thinking-critically-about-their-online-behaviors

Risks & Vulnerabilities

• Ransomware: ESXiArgs Campaign Snares at Least 2,803 Victims, Florida State Court System Among Victims https://www.govinfosecurity.com/ransomware-esxiargs-campaign-snares-at-least-2803-victims-a-21148

• 28% BEC Emails are Opened and 15% Get a Reply https://www.hipaajournal.com/28-bec-emails-are-opened-and-15-get-a-reply/

Scams

• PayPal and Twitter abused in Turkey relief donation scams https://www.bleepingcomputer.com/news/security/paypal-and-twitter-abused-in-turkey-relief-donation-scams/