Cybersecurity News Update: Week of February 14, 2022

Hello and thanks for visiting our update. Here’s the latest on what’s been happening in cybersecurity in the last week.

The Federal Bureau of Investigation (FBI) warned this week that US organizations and individuals are being increasingly targeted in business email compromise (BEC) attacks on virtual meeting platforms. With BEC attacks, the perpetrators target businesses large and small, but also individuals. The end goal is for hackers to compromise business email accounts to extract money (by getting payments redirected to their own bank accounts.) To protect yourself, the FBI suggests using secondary channels or two-factor authentication to verify requests for changes in account information, ensuring the URL in emails is associated with the business/individual it claims to be from, and not sending login credentials or personally identifiable information over email.

Russian-backed hackers have been targeting and compromising U.S.-cleared defense contractors (CDCs) since at least January 2020 to gain access to, and steal, sensitive information giving insight into U.S. defense and intelligence programs and capabilities. Russian hacking groups have breached multiple CDC networks for at least two years. According to a joint advisory issued Wednesday by the FBI, NSA and CISA, the compromised entities have included CDCs supporting the U.S. Army, U.S. Air Force, U.S. Navy, U.S. Space Force, and DoD and Intelligence programs.

A new report from?cybersecurity firm Egress ?says LinkedIn phishing attacks have increased by 232% since the start of February. The scams are tricking users twice: First, by clicking on phishing links in Outlook 365 and then entering their user credentials on fraudulent websites. For example, with typical LinkedIn email messages which could say “You appeared in four searches this week,” scammers are now sending fake emails with the same subject lines, tricking victims into trusting them.

The Internet Society (ISOC) announced a data breach that exposed the login details of 80,000 members. The non-profit, which focuses on keeping the internet open and secure, blamed the leak on a third-party vendor. The breach occurred on an unprotected Microsoft Azure cloud repository, comprising millions of JSON files including, among other things, full names, email and mailing addresses and login details.

Adobe released an emergency advisory on Sunday regarding a zero-day vulnerability affecting users of Commerce and Magento. The flaw, tracked as CVE-2022-24086, has been described as an improper input validation issue that can lead to arbitrary code execution. Adobe says the vulnerability can be exploited without authentication.

Also last week, Emil Frey, one of Europe's biggest car dealers, announced it was hit with a Hive ransomware attack last month. The company says it has “restored and restarted” commercial activity, but it is unclear if customer information was accessed during the attack. According to the?VPN Guru blog , “HIVE is one of the most dangerous ransomware groups in the world…The FBI should put the group on their radar since they have attacked at least 28 healthcare organizations around the world last year.”

That’s a wrap for this week! For more information please visit our blog .