Cybersecurity Digest #70: 07/03/2023 – 21/03/2023

Research and analytics

  • Specops Software has announced the release of its annual Weak Password Report which analysed over 800 million breached passwords and suggests that passwords continue to be a weak spot in an organisation’s network. The study found 88% of passwords used in successful attacks consisted of 12 characters or less, with the most common being 8 characters.
  • A new report by research and advisory firm Forrester reveals that more than two-thirds of European organizations are developing a strategy to use zero trust security. The public sector is leading the way in adoption, with 79% of German organizations prioritizing the technology, and the U.K. (68%) and France (66%) not far behind.
  • Wallarm released its 2022 Year-End API ThreatStats™ Report, providing in-depth analysis into published API vulnerabilities, exploits, and attack data for the year. The results clearly illustrate that the API threat landscape is becoming more dangerous. In 2022 there was a huge increase in attacks against Wallarm’s customers’ APIs, which ballooned over 197% from H1 to H2. There was also a significant increase in API-related CVEs, which grew 78% from H1 to H2.
  • A study from Trend Micro suggests that the cyber underground “provides an open environment for individuals of any gender to find employment or a side business”. Its analysis suggested gender was not a barrier to finding work as a cybercriminal, while a text analysis suggested at least 30 percent of underground forum participants may be women.
  • According to the Secureworks State of the Threat report, ransomware remained the most prevalent form of attack – and the median time between initial access and detonation dropped to 4.5 days in 2022. This infographic illustrates how time is of the essence when ransomware strikes, and the steps security teams must take to evict the threat actor while the clock ticks.
  • The Office of the Director of National Intelligence (ODNI) has published its yearly threat assessment, a report that aggregates intelligence insights on the US’ main adversaries. ODNI views China as the broadest, most active, and persistent cyber espionage threat to US Government and private-sector networks.
  • Sophos is tracking a new version of the PlugX USB Trojan. The researchers say the “novel aspects of this variant are a new payload and callbacks to a C2 server previously thought to be only tenuously related to this worm.”
  • Egress released its Email Security Risk Report 2023. The report uncovers findings that demonstrate the prevalence of inbound and outbound email security incidents in Microsoft 365, with 92% of organizations falling victim to successful phishing attacks in the last 12 months, while 91% of organizations admit they have experienced email data loss.

Major Cyber Incidents

  • The NBA (National Basketball Association) is notifying fans of a data breach after some of their personal information, “held” by a third-party newsletter service, was stolen.
  • Hitachi Energy confirmed it suffered a data breach after the Clop ransomware gang stole data using a GoAnywhere zero-day vulnerability.
  • Latitude Financial Services has disclosed a data breach after suffering a cyberattack, causing the company to shut down internal and customer-facing systems. Latitude is one of Australia’s largest personal loans providers and the country’s largest non-bank consumer credit lender.
  • A ransomware gang is threatening to release SpaceX’s prized business secret: the design of its rockets. The Lockbit gang claimed it breached Maximum Industries, a fabricator of rocket parts for Elon Musk’s rocket company based in Texas, and pilfered “3,000 drawings” from the contractor, according to the gang’s website.
  • Data that unknown hackers stole from Acronis has been published openly on a hacker forum. Among other things, the dump contains certificate files, command logs, and system configurations.
  • Telecommunications giant AT&T confirmed this week that a breach exposed the sensitive information of about 9 million customers. A spokesperson told The Record that the leaked dataset was several years old and related to device upgrade eligibility.
  • Black & McDonald, an engineering multinational headquartered in Canada, has reportedly been hit by a ransomware attack. The company works with the country’s military, power, and transportation infrastructure.
  • The FBI is investigating a data breach affecting U.S. House of Representatives members and staff after their account and sensitive personal information was stolen from DC Health Link’s servers.