Cyber Markets Round-up: Week 25, June '23: The evolution of cyberattacks and how cybersecurity strategies need to be adjusted

*Stock data as of the market close, cryptocurrency data as of 4:00 AM ET.

WHAT’S NEW

How Clop-MOVEit Hack Shows Evolution in Cyberattacks

A criminal hacking group known as Clop has exploited a security flaw in a file transfer tool, stealing data from dozens of companies and organizations primarily in the US and Europe. The oil giant Shell Plc and IAG SA’s British Airways are among the victims, along with US government agencies, banks, manufacturing firms, and universities. The hacking involves demands for ransom payments but doesn’t involve ransomware.

The hacking group Clop discovered a previously unknown vulnerability in MOVEit and exploited it to steal data from companies and organizations that were using the tool. The US Cybersecurity & Infrastructure Security Agency warned on June 1 that the security vulnerability could be exploited to “take over an affected system.” Clop’s Russian-speaking members have been among the most prolific cybercriminal gangs in recent years, causing hundreds of millions of dollars of damage internationally, according to the cybersecurity firm Trend Micro Inc.

What’s different about this type of cyberattack?

In the MOVEit attacks, the gang hasn’t used ransomware — malicious software deployed to encrypt computers so they cannot be operated unless their owners make a payment. Instead, the group has stolen internal data from computer systems and demanded that victims pay money to prevent the gang from publishing the data online. [The Washington Post]

Verizon's 2023 Data Breach Investigations Report

Summary of Findings

Social Engineering attacks are often very effective and extremely lucrative for cybercriminals. Perhaps this is why Business Email Compromise (BEC) attacks (which are in essence pretexting attacks) have almost doubled across our entire incident dataset, as can be seen in Figure 5, and now represent more than 50% of incidents within the Social Engineering pattern.

Ransomware continues its reign as one of the top Action types present in breaches, and while it did not actually grow, it did hold statistically steady at 24%. Ransomware is ubiquitous among organizations of all sizes and in all industries.

The three primary ways in which attackers access an organization are stolen credentials, phishing, and exploitation of vulnerabilities. [Verizon]

National Cyber Threat Assessment 2023-2024 from the Canadian Centre for Cyber Security

Key judgments

  • Ransomware is a persistent threat to Canadian organizations. Cybercrime continues to be the cyber threat activity most likely to affect Canadians and Canadian organizations.
  • Critical infrastructure is increasingly at risk from cyber threat activity. Cybercriminals exploit critical infrastructure because downtime can be harmful to their industrial processes and the customers they serve.
  • State-sponsored cyber threat activity is impacting Canadians. We assess that the state-sponsored cyber programs of China, Russia, Iran, and North Korea pose the greatest strategic cyber threats to Canada.
  • Cyber threat actors are attempting to influence Canadians, degrading trust in online spaces. We have observed cyber threat actors’ use of misinformation, disinformation, and malinformation (MDM) evolve over the past two years.
  • Disruptive technologies bring new opportunities and new threats. Digital assets, such as cryptocurrencies and decentralized finance, are both targets and tools for cyber threat actors to enable malicious cyber threat activity. [Canadian Centre for Cyber Security]

Why Hackers Have Their Sights Set on Healthcare

Now more than ever, we continue to expect that attackers will target nursing homes, doctors’ offices, and other medical facilities due to the immense pressure the industry is facing to modernize. While the advancements in technology are vital to ensuring better patient care, they also open doors for threat actors everywhere. The interconnectedness that comes with tying technology together at hospitals is also contributing to their vulnerability.

Hackers Found Their Mark on Tech Targets

Another opportunity for hackers targeting healthcare became clear immediately – medical devices. In the same way that consumers have dozens of appliances or devices that need to be connected to their home Wi-Fi – so do hospitals and doctors’ offices. With attackers finding ways to breach network servers through medical devices that are connected, patient data is much easier to exploit. MRI machines and heart rate monitors are listed as weak links in the cyber defense of many hospitals.

As the healthcare industry has proven to be a lucrative target for threat actors in recent years, we can expect there to continue to be an increase in breaches and ransomware attacks. That said, this is a prime opportunity for security professionals and MSPs to band together to mitigate these threat actors and their methods of attack. In knowing the most effective and often used attack style, healthcare providers can help support themselves and their stakeholders by implementing the right tools, as well as offering the proper training for their employees and patients to avoid exploitation via phishing emails or multi-factor authentication (MFA) attacks. [Security Today]

If you enjoyed this edition of the Cyber Markets Roundup, we are inviting you to connect with us on Substack for free and let us build a community of like-minded individuals who are interested in cybersecurity, stocks, and financial markets.