Cyber Risk Update 24 FEB 2023
This week's cyber risk digest.
Threat Actors
An open-source command-and-control (C2) framework known as Havoc is being adopted by threat actors as an alternative to other well-known legitimate toolkits like Cobalt Strike, Sliver, and Brute Ratel. Cybersecurity firm Zscaler said it observed a new campaign in the beginning of January 2023 targeting an unnamed government organization that utilized Havoc. https://thehackernews.com/2023/02/threat-actors-adopt-havoc-framework-for.html
Threat Actors launch executive impersonation attacks in at least 13 languages https://www.scmagazine.com/news/email-security/bec-groups-launch-executive-impersonation-attacks-in-at-least-13-languages
A sophisticated botnet known as MyloBot has compromised thousands of systems, with most of them located in India, the U.S., Indonesia, and Iran. BitSight said it's "currently seeing more than 50,000 unique infected systems every day." https://thehackernews.com/2023/02/mylobot-botnet-spreading-rapidly.html
What sets the HardBit group apart from the others is not its ransomware but rather the request for victims to tell them the maximum amount their insurance will cover for a ransom payment so they can demand the same amount. https://www.scmagazine.com/news/ransomware/this-ransomware-group-wants-you-to-double-cross-your-insurer
Nation States
A suspected state-sponsored group connected to India has been linked to 61 attempted attacks against government, military, law enforcement, and other targets in Afghanistan, Bhutan, Myanmar, Nepal and Sri Lanka between June 2021 and November 2021. https://www.infosecurity-magazine.com/news/sidewinder-apt-attacks-regional/
A bilateral group of government agencies on February 13, 2023, issued an advisory highlighting ransomware attacks on digital networks and critical infrastructure, particularly against healthcare systems. https://www.nextgov.com/cybersecurity/2023/02/cisa-south-korean-agencies-issue-joint-warning-north-korean-ransomware/382894/
Extreme dwell time! Russian state hackers have breached multiple Ukraine government websites this week using backdoors planted as far back as December 2021. https://www.bleepingcomputer.com/news/security/ukraine-says-russian-hackers-backdoored-govt-websites-in-2021/
Wslink downloader may have links to the North Korean Lazarus Group https://www.scmagazine.com/news/cybercrime/wslink-downloader-north-korean-lazarus-group
CISA assesses that the United States and European nations may experience disruptive and defacement attacks against websites in an attempt to sow chaos and societal discord on February 24, 2023, the anniversary of Russia's 2022 invasion of Ukraine. CISA urges organizations and individuals to increase their cyber vigilance in response to this potential threat. https://www.cisa.gov/news-events/alerts/2023/02/23/cisa-urges-increased-vigilance-one-year-after-russias-invasion-ukraine
Vulnerabilities
Researchers have revealed details about flaws in industrial systems that could give hackers access to the most sensitive networks. https://cyberscoop.com/vulnerabilities-industrial-conference-s4x23/
Due to increased security and privacy concerns, the European Commission has prohibited the use of TikTok on government-issued devices. Additionally, employees must remove the app from their personal devices if they have work-related applications, such as corporate email. This marks the first time that the executive branch of the EU, the European Commission, has banned a mobile app. https://www.wsj.com/articles/tiktok-is-banned-on-european-commission-staff-work-devices-2cad0f07
Cybersecurity Workforce
Organizations of all sizes are bracing for staff cuts in 2023, with 85% of respondents in a new (ISC)² study saying they believe layoffs will be necessary as the economy slows. Cybersecurity teams, however, will be the least affected by staff reductions as organizations anticipate an increase in cyber threats in 2023. https://www.isc2.org/Research/How-the-Cybersecurity-Workforce-Will-Weather-a-Recession
Cybersecurity is national security, but what happens when the Great Resignation infiltrates the industry? Experts are predicting that 2023 will be the year that the Great Resignation spreads to the role of Chief Information Security Officer (CISO). https://cyber-center.org/the-great-ciso-resignation/
Standards
Last month, NIST published a concept paper laying out some of the initially planned changes. NIST plans to have a draft of CSF 2.0 ready by this summer before releasing a final version in early 2024. https://www.nist.gov/system/files/documents/2023/01/19/CSF_2.0_Concept_Paper_01-18-23.pdf
Trends
Twitter announced that starting March 20, only Twitter Blue subscribers will be able to use SMS-based two-factor authentication (2FA), a change meant to save Twitter money on SMS costs. https://www.wsj.com/articles/twitter-to-limit-two-factor-authentication-by-text-to-paid-subscribers-1c901a65
Global Ransomware Damage Costs Predicted To Exceed $265 Billion By 2031 https://cybersecurityventures.com/global-ransomware-damage-costs-predicted-to-reach-250-billion-usd-by-2031/
FTC: Americans Lost $8.8 Billion to Fraud in 2022 After 30% Surge https://www.bleepingcomputer.com/news/security/ftc-americans-lost-88-billion-to-fraud-in-2022-after-30-percent-surge/
Warnings
The nation’s top cybersecurity leaders are warning state and local election officials of ongoing foreign and domestic national security threats to election systems, urging them to upgrade their defenses. https://www.govtech.com/security/feds-push-locals-to-boost-election-security-before-2024
Certification
The (ISC)² Certified Authorization Professional (CAP) certification is now known as the Certified in Governance, Risk and Compliance (CGRC). The new name better represents the knowledge, skills, and abilities required to earn and maintain this certification. https://blog.isc2.org/isc2_blog/2023/02/cap-is-now-certified-in-governance-risk-and-compliance-cgrc.html