Cybersecurity News Round-Up: Week of January 10, 2022

  • Security Boulevard
  • published date: 2022-01-14 17:19:00 UTC

<div class="feedwordpress-gaffer-full-text"> <div class="article-wrapper"> <div id="article-header"> <img src="https://www.globalsign.com/application/files/5416/4156/5488/iStock-1359626730.jpg" alt="Cybersecurity News Round-Up: Week of January 10, 2022"> <div class="article-author author-found"> <img src="https://www.globalsign.com/application/files/8715/4533/9823/amy-krigman.jpg"> <ul class="article-stamp"> <li>January 14, 2022</li> <li><a href="https://www.globalsign.com/en/blog/authors/amy-krigman">Amy Krigman</a></li> </ul> </div> </div> <div id="article-content"> <div class="inline-content"> <p>Hello and welcome back to the GlobalSign blog! Here are the highlights of some of the week’s most important stories.</p> <p>The White House hosted an open-source software security summit following the recent Log4j vulnerability. Attendees included Apple, Facebook and Google, as well as the Apache Software Foundation, which builds Log4j, a ubiquitous open-source logging framework for websites.</p> <p>Meanwhile, several U.S. government agencies issued a joint cybersecurity advisory regarding Russia. It comes as tensions mount over a potential Russian invasion of Ukraine. The advisory issued by CISA, the FBI and the NSA summarizes the older and more recent vulnerabilities exploited by Russian threat actors, as well as some of their high-profile operations. Examples of attacks include theft of data from government organizations and aviation networks, and operations aimed at industrial control systems (ICS) in the energy sector. The advisory also reminds readers that the U.S. State Department is offering rewards of up to $10 million for information on state-sponsored hackers who have launched attacks on critical infrastructure.</p> <p>Hackers working for the North Korean government implemented a phishing campaign in October, and ultimately were able to take over the email account of a staff member of Russia’s Ministry of Foreign Affairs. 
The phishing campaign involved <a href="https://malpedia.caad.fkie.fraunhofer.de/details/win.konni">Konni malware</a>, which is known to be linked to APT37. In early January, cybersecurity firm Cluster25 published research about a phishing campaign towards the end of December 2021 that delivered Konni RAT to staff at the Russian embassy in Indonesia. The Cluster25 researchers found that the hackers used the New Year theme as a decoy in the emails.</p> <p>Also this week, the European Data Protection Supervisor (EDPS) ordered the European Union law enforcement agency to delete any data it has on individuals that’s over six months old, provided there’s no link to criminal activity. The EDPS probed Europol’s collection of large datasets for strategic and operational analysis from April 2019 until September 2020. It concluded the law enforcement agency had lots of work ahead in terms of data minimisation and retention and encouraged Europol to make necessary changes and then let the EDPS know of its action plan.</p> <p>The recently published <a href="https://www.pwc.com/gx/en/issues/cybersecurity/global-digital-trust-insights.html">PwC 2022 Global Digital Trust Insights study</a> found that more than 60 per cent of Irish businesses expect cybercrime to increase this year, a higher level than their global counterparts. Some 62 per cent expect a rise in ransomware attacks, with 56 per cent anticipating an uptick in malware. After last year’s massive <a href="https://www.bbc.com/news/world-europe-58413448">ransomware attack on Ireland’s healthcare system</a>, it’s no surprise that Irish businesses are expecting cyber intrusions.</p> <p>Finally, on the lighter side of things, an Indian hacking group accidentally infected its own development environment with a remote access Trojan (RAT). 
Dubbed Patchwork by Malwarebytes and tracked under names including Hangover Group, Dropping Elephant, Chinastrats, and Monsoon, the Indian group has been around since at least 2015 and actively launches campaigns designed to deploy RATs for the purposes of data theft and other malicious activities. In one of the latest attack waves connected to Patchwork, the group targeted individual faculty members from research institutions specializing in biomedical and molecular sciences. Unfortunately for them, it backfired. Which is so great because they are getting a taste of their own medicine! That is all for this week. As always, thanks for stopping by our blog. Have a great weekend!</p> <h2>Top Global Security News</h2> <p><em><strong>Cyberscoop </strong></em><strong>(January 13, 2022) White House hosts open-source software security summit in light of expansive Log4j flaw</strong></p> <p style="margin-left:40px;">Tech giants and federal agencies will meet at the White House on Thursday to discuss open-source software security, a response to the widespread Log4j vulnerability that’s worrying industry and cyber leaders.</p> <p style="margin-left:40px;">Among the attendees are companies like Apple, Facebook and Google, as well as the Apache Software Foundation, which builds Log4j, a ubiquitous open-source logging framework for websites.</p> <p style="margin-left:40px;">“Building on the Log4j incident, the objective of this meeting is to facilitate an important discussion to improve the security of open source software — and to brainstorm how new collaboration could rapidly drive improvements,” a senior administration official said in advance of the meeting.</p> <p style="margin-left:40px;">The huddle convenes in light of a vulnerability discovered last month known as Log4Shell that could affect up to hundreds of millions of devices, and as federal officials, businesses and security researchers race to contain the potential fallout.</p> <p style="margin-left:40px;"><a 
href="https://www.cyberscoop.com/white-house-log4j-open-source-software-security/">READ MORE</a></p> <p><strong><em>Bleeping Computer</em> (January 12, 2022) Hackers take over diplomat’s email, target Russian deputy minister</strong></p> <p style="margin-left:40px;">Hackers believed to work for the North Korean government have compromised the email account of a staff member of Russia’s Ministry of Foreign Affairs (MID) and deployed spear-phishing attacks against the country’s diplomats in other regions.</p> <p style="margin-left:40px;">One of the targets was Sergey Alexeyevich Ryabko, the deputy foreign minister for the Russian Federation, among other things responsible for bilateral relations with North and South America.</p> <p style="margin-left:40px;">The phishing campaign started since at least October 19, 2021, deploying Konni malware, a remote administration tool (RAT) associated with the cyber activity from North Korean hackers known as APT37 (or StarCruft, Group123, Operation Erebus, and Operation Daybreak).</p> <p style="margin-left:40px;"><a href="https://www.bleepingcomputer.com/news/security/hackers-take-over-diplomats-email-target-russian-deputy-minister/">READ MORE</a></p> <p><strong><em>The Register</em> (January 12, 2022) European Space Agency: Come on, hack our satellite if you think you’re hard enough</strong></p> <p style="margin-left:40px;">The European Space Agency (ESA) is inviting applications from attackers who fancy having a crack at its OPS-SAT spacecraft.</p> <p style="margin-left:40px;">It’s all in the name of ethical hacking, of course. 
The plan is to improve the resilience and security of space assets by understanding the threats dreamed up by security professionals and members of the public alike.</p> <p style="margin-left:40px;">OPS-SAT has, according to ESA, “a flight computer 10 times more powerful than any current ESA spacecraft” and the CubeSat has been in orbit since 2019, providing a test bed for software experiments.</p> <p style="margin-left:40px;"><a href="https://www.theregister.com/2022/01/11/ops_sat_hack/">READ MORE</a></p> <p><strong><em>Security Week</em> (January 12, 2022) U.S. Issues Fresh Warning Over Russian Cyber Threats as Ukraine Tensions Mount</strong></p> <p style="margin-left:40px;">Several U.S. government agencies have issued a joint cybersecurity advisory to provide an overview of cyber operations linked to Russia. The advisory comes as tensions mount over a potential Russian invasion of Ukraine.</p> <p style="margin-left:40px;">The latest advisory comes from CISA, the FBI and the NSA, and it provides TTPs, detection actions, incident response guidance, and mitigations for both IT and OT asset owners.</p> <p style="margin-left:40px;">While the advisory does not seem to provide any new information, it has been described as a “good historical digest especially for those new to the topic” by Robert Lee, CEO and co-founder of industrial cybersecurity firm Dragos.</p> <p style="margin-left:40px;">The advisory summarizes the older and more recent vulnerabilities exploited by Russian threat actors, as well as some of their high-profile operations. Examples of attacks include theft of data from government organizations and aviation networks, and operations aimed at industrial control systems (ICS) in the energy sector.</p> <p style="margin-left:40px;">The advisory also reminds readers that the U.S. 
State Department is offering rewards of up to $10 million for information on state-sponsored hackers who have launched attacks on critical infrastructure.</p> <p style="margin-left:40px;"><a href="https://www.securityweek.com/us-issues-fresh-warning-over-russian-cyber-threats-ukraine-tensions-mount">READ MORE</a></p> <p><strong><em>The Register</em> (January 11, 2022) EU data watchdog to Europol: You’ve helped yourself to too much data</strong></p> <p style="margin-left:40px;">The European Data Protection Supervisor (EDPS) has ordered European Union law enforcement agency Europol to delete any data it has on individuals that’s over six months old, provided there’s no link to criminal activity.</p> <p style="margin-left:40px;">EDPS says it probed Europol’s collection of large datasets for strategic and operational analysis from April 2019 until September 2020. The investigation concluded the law enforcement agency needed to up its game when it came to data minimisation and retention and encouraged Europol to make necessary changes and then let the EDPS know of its action plan.</p> <p style="margin-left:40px;">According to regulations, “personal data should be adequate, relevant, and limited to what is necessary in relation to the purposes for which this data is processed,” and “personal data processed by Europol shall be kept in a form which permits identification of data subjects for no longer than necessary for the purposes for which the personal data are processed.”</p> <p style="margin-left:40px;"><a href="https://www.theregister.com/2022/01/11/eu_data_watchdog_to_europol/">READ MORE</a></p> <p><strong><em>The Irish Times</em> (January 10, 2022) Cybersecurity ‘blind spot’ putting Irish companies at risk – PwC report</strong></p> <p style="margin-left:40px;">Irish businesses are being put at risk by a “glaring blind spot” over the risks posed by their own suppliers to their cybersecurity, a new report says.</p> <p style="margin-left:40px;">PwC’s 2022 Global 
Digital Trust Insights study said more than 60 per cent of Irish businesses expect cybercrime to increase this year, a higher level than their global counterparts. Some 62 per cent expect a rise in ransomware attacks, with 56 per cent anticipating an uptick in malware.</p> <p style="margin-left:40px;">However, complex business relationships with suppliers and technology support networks pose “concerning” cyber and privacy risks, the survey found, with the majority of companies at home and abroad failing to realise the enormity of the situation. Only 38 per cent of Irish respondents claimed to have had a high understanding of the risk of data breaches through third parties, compared to 41 per cent of global organisations, while 24 per cent said they had little or no understanding of the risks.</p> <p style="margin-left:40px;">This comes despite more than half of Irish respondents anticipating a rise in breaches through their software supply chain.</p> <p style="margin-left:40px;">READ MORE</p> <p><strong><em>ZDNet </em>(January 10, 2022) Indian Patchwork hacking group infects itself with remote access Trojan</strong></p> <p style="margin-left:40px;">An Indian threat group’s inner workings have been exposed after it accidentally infected its own development environment with a remote access Trojan (RAT).</p> <p style="margin-left:40px;">Dubbed Patchwork by Malwarebytes and tracked under names including Hangover Group, Dropping Elephant, Chinastrats, and Monsoon, the Indian group has been on the scene since at least 2015 and is actively launching campaigns designed to deploy RATs for the purposes of data theft and other malicious activities.</p> <p style="margin-left:40px;">In one of the latest attack waves connected to Patchwork, the group targeted individual faculty members from research institutions specializing in biomedical and molecular sciences.</p> <p style="margin-left:40px;"><a 
href="https://www.zdnet.com/article/indian-patchwork-hacking-group-infect-themselves-with-remote-access-trojan/">READ MORE</a></p> <h2>Other Industry News</h2> <p><strong><a href="https://www.zdnet.com/article/maryland-officials-confirm-ransomware-attack-shut-down-department-of-health/">Maryland officials confirm ransomware attack shut down department of health – ZDNet</a> </strong></p> <p><strong><a href="https://www.theverge.com/2022/1/11/22878471/ransomware-attack-new-mexico-jail-lockdown-cameras-bernalillo-county">A ransomware attack took a New Mexico jail offline, leaving inmates in lockdown – The Verge</a> </strong></p> <p><strong><a href="https://www.bleepingcomputer.com/news/security/ukranian-police-arrests-ransomware-gang-that-hit-over-50-firms/">Ukrainian police arrests ransomware gang that hit over 50 firms – Bleeping Computer</a> </strong></p> <p><strong><a href="https://www.zdnet.com/article/finalsite-says-no-data-stolen-during-ransomware-attack-affecting-3000-us-public-schools/">Finalsite says no data stolen during ransomware attack affecting 3,000 US public schools – ZDNet</a> </strong></p> <p><strong><a href="https://www.infosecurity-magazine.com/news/phishers-take-over-fifa-22-accounts/">Phishers Take Over FIFA 22 Accounts – InfoSecurity</a> </strong></p> <p><strong><a href="https://www.theverge.com/2022/1/11/22878471/ransomware-attack-new-mexico-jail-lockdown-cameras-bernalillo-county">Who is the network access broker Wazawaka? 
– Krebs on Security</a> </strong></p> <p><strong><a href="https://www.helpnetsecurity.com/2022/01/13/phishers-adobe-cloud/">Phishers are targeting Office 365 users by exploiting Adobe Cloud – HelpNetSecurity</a> </strong></p> <p><strong><a href="https://www.britishchambers.org.uk/news/2022/01/bcc-finds-rising-cyber-attack-fears-in-hybrid-working-world">BCC Finds Rising Cyber-Attack Fears in Hybrid Working World – British Chambers of Commerce</a> </strong></p> <p><a href="https://www.securityweek.com/industrial-firms-advised-not-ignore-security-risks-posed-url-parsing-confusion"><strong>Industrial firms advised not to ignore security risks posed by URL parsing confusion – Security Week</strong></a></p> </div> </div> </div> </div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.globalsign.com/en/blog">Blog Feed</a> authored by <a 
href="https://securityboulevard.com/author/0/" title="Read other posts by Blog Feed">Blog Feed</a>. Read the original post at: <a href="https://www.globalsign.com/en/blog/cybersecurity-news-round-week-january-10-2022">https://www.globalsign.com/en/blog/cybersecurity-news-round-week-january-10-2022</a> </p>