Security News > 2022 > July

LockBit ransomware attacks are constantly evolving by making use of a wide range of techniques to infect targets while also taking steps to disable endpoint security solutions. LockBit, which operates on a ransomware-as-a-service model like most groups, was first observed in September 2019 and has since emerged as the most dominant ransomware strain this year, surpassing other well-known groups like Conti, Hive, and BlackCat.

While we continue to see new ransomware operations launch, we also received some good news this week, with another ransomware shutting down. This week we reported on two new enterprise-targeting ransomware operations called RedAlert and 0mega, which both perform double-extortion attacks.

Foreign Policy has a three-part podcast series on squid and global fishing. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

The global cloud migration continues to fuel a market expected to hit the $1 trillion milestone in 2028. A recent report by Forrester Consulting, commissioned by Quali, found that 63% of surveyed IT and decision-makers say their organizations lack the support for a variety of cloud resources.

Five months after announcing plans to disable Visual Basic for Applications macros by default in the Office productivity suite, Microsoft appears to have rolled back its plans. "Based on feedback received, a rollback has started," Microsoft employee Angela Robertson said in a July 6 comment.

A new ransomware operation named '0mega' targets organizations worldwide in double-extortion attacks and demands millions of dollars in ransoms. 0mega is a new ransomware operation launched in May 2022 and has attacked numerous victims since then.

Well, the bug CVE-2022-33980, which doesn't have a catchy name yet, is a very similar sort of blunder in the Apache Commons Configuration toolkit. The name's quite a mouthful: Apache Commons is another Apache project, one that offers numerous Java utilities providing a wide range of handy programming toolkits.

Onur Aksoy, the CEO of a group of dozens of companies, was indicted for allegedly selling more than $1 billion worth of counterfeit Cisco network equipment to customers worldwide, including health, military, and government organizations. These devices were sold as new and genuine Cisco products through dozens of Amazon and eBay storefronts to customers across the United States and overseas, some ending up on the networks of hospitals, schools, government, and military orgs.

Microsoft has fixed a known issue causing Office applications like Word and Excel to crash when working with cloud documents. The complete list of affected Office apps includes Excel for Microsoft 365, Word for Microsoft 365, and PowerPoint for Microsoft 365.

A report released Tuesday by the Cyber Readiness Institute looks at the slow state of MFA adoption among SMBs. CRI surveyed 1,403 small business owners across the U.S., the U.K., New Zealand, Japan, India, Germany, Canada and Australia from May 2 to May 15. Among the respondents, 55% admitted that they're not very aware of MFA and its security benefits, while 54% said they haven't adopted MFA for their business.