Round Up of Major Breaches and Scams
The Control System Cyber Security Association International (CS)2AI and KPMG on Monday announced their first annual cybersecurity report focusing on industrial control systems (ICS) and operational technology (OT). (CS)2AI, a non-profit organization, has more than 16,000 members worldwide and the report is based on information provided by 600 of them. Respondents represent all continents and a wide range of industries and organization sizes. More than 80% of respondents are decision makers when it comes to OT security expenditure.
A Russian cybercriminal has been jailed for eight years for participating in a botnet scheme that caused at least $100 million in financial damage. According to the US Department of Justice (DoJ), Aleksandr Brovko was an active member of “several elite, online forums designed for Russian-speaking cybercriminals to gather and exchange their criminal tools and services.”
Round Up of Major Malware and Ransomware Incidents
Healthcare is not in a good place right now. With some countries and states deciding to go back into lockdown due to the continued rise of reported COVID-19 infections—and several garnering record-high numbers compared to when almost every country initially went into lockdown—it seems horrible timing that hospital ransomware is back in the news.
The National Cyber Security Centre fended off more than 700 cyber attacks directed against the British state over the last year, of which about a quarter were COVID-19 related. Of the 723 incidents the GCHQ offshoot handled between 1 September 2019 and 31 August this year, 194 were related to the coronavirus pandemic – with a significant number targeting the NHS and wider public sector healthcare organisations, as well as academia and government.
Detected attacks using the Emotet Trojan soared by over 1200% from Q2 to the third quarter of this year, supporting a surge in ransomware campaigns, according to the latest data from HP Inc. Powered by its acquisition of Bromium, the firm’s HP Sure Click unit captures malware at the endpoint and runs it inside secure containers. These installations picked out a “large and sustained increase in malicious spam campaigns” spreading Emotet, especially in August. Emotet is often used as a loader, providing access to third-party threat groups to deploy secondary TrickBot and QakBot infections as well as human-operated ransomware.
Round Up of Major Vulnerabilities and Patches
Tripwire's October 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Apple, Adobe, and Oracle. First on the patch priority list this month is a very high priority vulnerability in Oracle WebLogic Server. The vulnerability is within the Console component of Oracle WebLogic Server; it can be exploited without authentication and requires no user interaction. Proof-of-concept code is publicly available and does not require significant expertise to use against a vulnerable server. Supported versions of Oracle WebLogic Server that are affected include 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0.
FireEye, one of today’s top cybersecurity companies, has released a new pre-configured virtual machine (VM) that was specifically set up to help threat intelligence analysts hunt down adversaries. Named the ThreatPursuit VM, this is a Windows 10 installation that comes with more than 50 software programs that are commonly used by threat intel analysts. The idea behind ThreatPursuit is to provide companies with a ready-made OS that can be deployed to new workstations before, during, or after a security incident.