Cybersecurity Digest #72: 04/04/2023 – 18/04/2023

Cybersecurity news

Cybersecurity Blog Posts

Research and analytics

  • Trend Micro research paper titled Inside the Halls of a Cybercrime Business closely examines small, medium, and large criminal groups based on cases from law enforcement arrests and insider information.
  • Sysdig published a report describing how cybercriminals exploit the Log4j vulnerability to compromise hosts, install proxyware agents on them, and sell the victims’ bandwidth and IP addresses on to proxyware services. Dubbed proxyjacking, the attacks let the attackers resell a compromised machine’s bandwidth to proxyware providers whose customers use it to hide their physical location.
  • Cyberint published Ransomware Trends 2023, Q1 Report. With 831 victims, Q1 2023’s victim count was well above the first quarter of 2022, which saw 763 victims. Unsurprisingly, LockBit 3.0 remained the number one group, claiming an average of around 23 victims per week and almost 33% of all ransomware cases this quarter.
  • A new report by cybersecurity firm WithSecure, based on a survey of more than 400 global cybersecurity and IT decision-makers conducted by Forrester Consulting, suggests that many organizations are reactive in their approach to defending against threats, and piecemeal when it comes to cybersecurity investments. As a result, security goals become detached from business goals, resulting in organizations investing in defenses against threats that aren’t relevant to their business or goals.
  • While transparency and prompt reporting are important steps following an attack, Bitdefender found that many IT professionals were told to maintain confidentiality after a breach. More than 42% of the IT/security professionals surveyed said they have been told to keep a breach confidential when they knew it should be reported, and 30% said they have actually kept a breach confidential.
  • Despite the decline in network-detected malware in Q4 2022, endpoint ransomware spiked by 627%, while malware associated with phishing campaigns persisted as a threat, according to WatchGuard.
  • UK non-profit RUSI has published a report on how the cyber insurance industry could play a role in slowing down the current ransomware and data extortion ecosystem.
  • A threat intel outfit published a report on the current main dark web marketplaces, one year after law enforcement took down Hydra. The big five are now Mega, Blacksprut, Solaris, Kraken, and OMG!OMG! Market.
  • A new Resecurity report focuses on the relatively new STYX darknet platform, which offers financial fraud services. STYX opened on January 19 and implements an escrow system to mediate transactions between buyers and sellers.

Major Cyber Incidents

  • Hyundai has disclosed a data breach impacting Italian and French car owners and those who booked a test drive, warning that hackers gained access to personal data. The exposed data includes email addresses, physical addresses, telephone numbers, and vehicle chassis numbers.
  • A cyber attack hit several water controllers of irrigation and wastewater treatment systems in the Upper Galilee. Water controllers used for irrigating fields in the Hula Valley were damaged, as were the control systems of the Galil Sewage Corporation.
  • Taiwanese PC company MSI officially confirmed it was the victim of a cyber attack on its systems. The company said it “promptly” initiated incident response and recovery measures after detecting “network anomalies.”
  • Samsung employees are in hot water after they reportedly leaked sensitive confidential company information to OpenAI’s ChatGPT on at least three separate occasions. The leaks highlight both the widespread popularity of the new AI chatbot among professionals and the often-overlooked fact that anything pasted into ChatGPT is sent to OpenAI and may be retained by it.
  • A group of hackers calling themselves “Anonymous Sudan” attacked the websites of several Israeli media, including that of i24NEWS, which was out of service for nearly two hours. Other media outlets that were targeted included the Kan Public Broadcaster, The Jerusalem Post and Channel 12. This cyberattack comes less than a day after the same hacker group targeted several major universities across the country.
  • eFile.com, an IRS-authorized e-file software service provider used by many for filing their tax returns, has been caught serving JavaScript malware. Security researchers state that the malicious JavaScript file existed on the eFile.com website for weeks.
  • Data storage giant Western Digital has confirmed that hackers exfiltrated data from its systems during a “network security incident”. An unauthorized third party gained access to “a number” of its internal systems. The company hasn’t confirmed the nature of the incident or revealed how it was compromised, but its statement suggests the incident may be linked to ransomware.
  • Capita has acknowledged that it suffered a cyberattack. Many clients across the UK, including government organizations, experienced disruption due to the incident, which cut off access to internal Microsoft Office 365 apps at the IT services and consultancy firm. In a statement sent to shareholders, Capita stated that the hack did not compromise data.