Cybersecurity Digest #71: 28/03/2023 – 04/04/2023

Cybersecurity news

Cybersecurity Blog Posts

  • Rafeeq Rehman shared a new CISO MindMap 2023, which takes into account recent changes in the digital environment such as the development of ChatGPT, the increased use of cloud technologies and others.
  • Ashley Leonard, writing in the HelpNetSecurity blog, described 3 main methods of attack on end hosts: phishing/targeted phishing and exploiting vulnerabilities in operating systems and in software products.
  • John E. Dunn wrote an article about how the development of ChatGPT will affect the success of phishing attacks. In his opinion, artificial intelligence will be able to create many unique, well-written phishing emails styled in the manner of a particular person, for example the CEO of the targeted company.

Research and analytics

  • Microsoft has highlighted a rise in DDoS attacks on healthcare organizations, mapping a three-fold increase in attacks over three months. It said it tracked 10 to 20 attacks per day on healthcare organizations on Azure in November but was seeing 40 to 60 per day in February. The attack mix changed over this time, it added, with over half of attacks now being UDP floods, with 44% being TCP-based.
  • Half of U.S. businesses say that security is the most influential factor when buying software, according to Capterra’s Security Features Survey. In fact, 45% have stopped using a specific type of software due to security concerns. Businesses are willing to pay a premium for intuitive and well-designed secure software.
  • HP Inc. issued its latest quarterly HP Wolf Security Threat Insights Report, showing hackers are diversifying attack methods, including a surge in QR code phishing campaigns. Scams trick users into scanning QR codes from their PCs using their mobile devices – potentially to take advantage of weaker phishing protection and detection on such devices. QR codes direct users to malicious websites asking for credit and debit card details.
  • Huntress has released a report detailing the state of cybersecurity in mid-sized businesses across the US and Canada. Among the findings: 61% of mid-sized businesses don’t have a security team, 47% don’t have an incident response plan, and 27% have no cyber insurance coverage.
  • Mandiant published a detailed report titled Move, Patch, Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace. In 2022, Mandiant tracked 55 zero-day vulnerabilities that were judged as being exploited. The report further noted that Chinese state-sponsored cyber espionage groups exploited more zero-days than other cyber espionage actors in 2022.
  • ZenGo security researchers have found a new technique named the Red Pill attack that allows malicious smart contracts to detect when blockchain security solutions run “simulated transactions” and hide their malicious behavior.
  • Worldwide spending on security solutions and services is forecast to be $219 billion in 2023, an increase of 12.1% compared to 2022, according to a forecast from the International Data Corporation (IDC). The Banking, Discrete Manufacturing, Professional Services, and Federal/Central Government verticals are expected to account for more than a third of all security spending in 2023.
  • CISA and the FBI released an advisory on LockBit ransomware. The group’s prolific attack spree has been responsible for 52% of all ransomware attacks worldwide and has struck major organizations such as Royal Mail, Accenture and Ion Trading. The advisory shares indicators of compromise and ways to mitigate attacks.
  • While ransomware incidents declined globally in 2022, attacks increased by 17% in the U.K., according to a new report by cybersecurity company Jumpsec. The notorious ransomware gang LockBit has been responsible for over 30% of the attacks, with Karakurt and Vice Society committing their share of incidents as well.
  • Malicious threat actors actively exploited 55 zero-days in 2022 – down from 81 in 2021 – with Microsoft, Google, and Apple products being the most targeted. 53 out of 55 allowed attackers to achieve elevated privileges or execute remote code on vulnerable devices, a new Mandiant report has revealed.
  • Searchlight Cyber released its report Proactive Defense: How Enterprises Are Using Dark Web Intelligence. 93% of CISOs are concerned about dark web threats, and almost 72% of CISOs believe that intelligence on cybercriminals is “critical” to defending their organization and increasing cybersecurity, according to the report.
  • Europe’s transport sector saw a doubling in ransomware attacks in 2022, making it the dominant cyberthreat facing the sector, according to ENISA. Between January 2021 and October 2022 ransomware was involved in 38% of attacks, the report said, while data-related techniques were used in 30%. DDoS attacks were 16% of the total, while phishing and supply-chain attacks were each involved in 10% of attacks.
  • Security firm ThreatMon has published an analysis of 20 lesser-known leaks that have been reported on social media and dark web forums throughout the past year.
  • Red Canary has published its yearly report that compiles data from nearly 40,000 threat detections across the company’s network of 800+ customers. The report covers multiple cybercrime trends, from ransomware to stealers and from Iaps to email threats.
  • This Federal News Network report looks at CASS, China’s new security platform that’s currently planned to replace its EINSTEIN system.
  • CISA and the NSA have published a best practices guide for securing Identity and Access Management (IAM) systems.

Major Cyber Incidents