Welcome to our weekly cyber news roundup, where we bring you the latest and most important updates from the world of cyber security.
New data from Tenable reveals that organizations are still struggling with good cyber hygiene as older vulnerabilities, some dating back to 2017, continue to be the primary target for cyberattacks. Despite patches being made available by vendors, organisations repeatedly fail to apply them, resulting in an increasing number of attacks throughout last year.
The top exploited vulnerabilities include several high-severity flaws in Microsoft Exchange, Zoho ManageEngine products, and VPN solutions from Fortinet, Citrix, and Pulse Secure. Even highly publicized vulnerabilities like Log4Shell, Follina, Atlassian Confluence Server, and ProxyShell were not promptly addressed by organisations, despite the availability of mitigations and patches. Additionally, four of the first five zero-day vulnerabilities exploited in 2022 were disclosed to the public on the same day the vendor released patches and mitigations.
It is crucial that organisations apply the patches released to address this vulnerability as soon as possible in order to protect their systems.
The US Marshals service revealed that it recently fell victim to a ransomware security breach that resulted in the compromise of sensitive law enforcement information. According to a spokesperson for the agency, the cyber-attack occurred on February 17th, when the Marshals service "discovered a ransomware and data exfiltration event affecting a stand-alone system". The affected system was then disconnected from the network in order to prevent any further damage.
The spokesperson for the Marshals service did not provide details on the nature of the compromised information or whether the agency had paid the ransom demanded by the hackers.
This incident underscores the importance of cybersecurity measures for all organisations, including government agencies. It also highlights the need for vigilance in detecting and responding to potential cyber threats. While it is not always possible to prevent cyber-attacks, prompt detection and response can help mitigate the damage and prevent further compromises.
According to its deep web blog, the LockBit ransomware group has released data that allegedly belongs to Royal Mail International, over a month after the company confirmed the attack. Despite originally demanding a ransom of £65 million, LockBit is now asking for £33 million instead.
The leaked data is available for download in a 44GB compressed 7-Zip file, and there is also a separate plaintext document containing a manifest of the file's contents. Upon initial analysis of the documents, it appears that sensitive files related to different aspects of the business have been leaked. These files include HR records for one employee, salary and overtime payment information for various employees, a file referencing the 'network layout', and several files that relate to contracts with third parties.
The Russian government is reportedly considering decriminalising hacking but only for those who carry out attacks that benefit the country's interests in the ongoing conflict in Ukraine. This new exemption would apply to a broader group of attackers, including individuals in Russia and abroad, many of whom left the country after it announced mobilisation last year.
Currently, in Russia, anyone involved in the development, deployment, and circulation of harmful software can face a maximum prison sentence of seven years, with no exceptions. This has led to a significant number of pro-Kremlin hacker groups operating outside the law and facing legal action.
Despite their usefulness in the Ukrainian conflict and an unspoken understanding between these groups and the government, this situation could change if Vladimir Putin's regime is ousted. If approved, the exemption would provide pro-Kremlin hacktivists with a legal carte blanche to carry out attacks. Hacktivist groups such as Killnet, XakNet, NoName057(16), CyberArmyRussia, and FRwL Team may be among those most likely to benefit from this new rule.
If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively Get in touch to find out how you can protect your organisation.
The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.
If you’d like more detailed threat intelligence news, Integrity360 offers this as part of our security monitoring managed services.
We also offer a tailored threat intelligence monitoring service for your organisation that actively monitors for threat actors and campaigns of direct relevance to your organisation, brand damage, copycat & spoofed domains, credential leakage and dark web monitoring.
Join us in Dublin or London for the Security First 2022 conference. We'll be bringing together industry professionals and specialist experts to discuss the latest cyber security trends and offer actionable advice on preparing your business to put security first in 2022.