Security News
The X Trader software supply chain attack that led to last month's 3CX breach has also impacted at least several critical infrastructure organizations in the United States and Europe, according to Symantec's Threat Hunter Team. While the Trading Technologies supply chain compromise is the result of a financially motivated campaign, the breach of multiple critical infrastructure organizations is worrisome, seeing that North Korean-backed hacking groups are also known for cyber espionage.
Experts say the attacks demonstrate the risk that fairly unsophisticated attacks pose even to well-defended enterprises and that other countries should take notice and prepare. Starting before the annual OpIsrael hacktivist assault on Israeli enterprises from April 6 to 9, Israel experienced recent attacks by Russian entities like Killnet and Anonymous Sudan, a cybersecurity bugbear for Israel this year.
Hyper-volumetric DDoS attacks in the first quarter of 2023 have shifted from relying on compromised IoT devices to leveraging breached Virtual Private Servers. In general, Cloudflare reports steady DDoS activity in the first quarter of the year, with a notable 60% YoY increase in the ransom DDoS attacks, representing 16% of all recorded/reported DDoS attacks.
According to Etay Maor, Senior Director Security Strategy at Cato Networks, "It's interesting to note critical infrastructure doesn't necessarily have to be power plants or electricity. A nation's monetary system or even a global monetary system can be and should be considered a critical infrastructure as well." Not to mention the infamous Colonial Pipeline attack, which has become the poster child of critical infrastructure attacks.
Devices used in critical infrastructure are riddled with vulnerabilities that can cause denial of service, allow configuration manipulation, and achieve remote code execution, according to security researchers. Most of these operational technology products - which include industrial control systems and related devices - claim security certifications, some of which they did not actually have.
The Federal Bureau of Investigation revealed in its 2022 Internet Crime Report that ransomware gangs breached the networks of at least 860 critical infrastructure organizations last year. "The IC3 received 870 complaints that indicated organizations belonging to a critical infrastructure sector were victims of a ransomware attack," the FBI said.
Today, the U.S. Cybersecurity & Infrastructure Security Agency announced a new pilot program to help critical infrastructure entities protect their information systems from ransomware attacks. "Through the Ransomware Vulnerability Warning Pilot, which started on January 30, 2023, CISA is undertaking a new effort to warn critical infrastructure entities that their systems have exposed vulnerabilities that may be exploited by ransomware threat actors," the cybersecurity agency said.
Today, the U.S. Cybersecurity & Infrastructure Security Agency announced a new pilot program to help critical infrastructure entities protect their information systems from ransomware attacks. "Recognizing the persistent threat posed by ransomware attacks to organizations of all sizes, the Cybersecurity and Infrastructure Security Agency announces today the establishment of the Ransomware Vulnerability Warning Pilot," the cybersecurity agency said.
An international law enforcement operation involving the FBI and police agencies worldwide led to the arrest of the suspected administrator of the NetWire remote access trojan and the seizure of the service's web domain and hosting server. Since at least 2014, NetWire has been a tool of choice in various malicious activities, including phishing attacks, BEC campaigns, and to breach corporate networks.
Veeam urged customers to patch a high-severity Backup Service security vulnerability impacting its Backup & Replication software.The flaw was reported in mid-February by a security researcher known as Shanigen, and it affects all Veeam Backup & Replication versions.