Cybersecurity News Update: Week of March 14, 2022

Hello and welcome to GlobalSign's re-cap of the week's top cybersecurity stories. Let's dive in!

The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) issued a joint advisory regarding?Russian state-sponsored hackers. The organizations say the hackers?have found a way?to disable multi-factor authentication (MFA) and exploit a Windows 10 printer spooler flaw to compromise networks and high-value domain accounts. According to the advisory, the actors "exploited a critical Windows Print Spooler vulnerability, 'PrintNightmare' (CVE-2021-34527) to run arbitrary code with system privileges."?

Israel was impacted on Monday by a Distributed Denial of Service (DDoS) attack that?took some government sites offline temporarily. A statement issued by?Israel's National Cyber Directorate said that services were back online within a few hours, though observers such as NetBlocks reported that some government websites were inaccessible outside of the country.?Unconfirmed reports allege that Iran’s Islamic Revolutionary Guard Corp?was behind the attack.?

Researchers at cyber intelligence company?Prevailion?say that Naver, the South Korean equivalent of Google,?is being used for large-scale phishing activity and the?cybercrime group responsible is likely WIZARD SPIDER.?WIZARD SPIDER (aka UNC1878) is known for?Trickbot?and other malicious Remote Access Trojans?(RATs). The Prevailion team says the phishing operation targeted at Naver users uses at least 500?domains to steal credentials. The researchers discovered that WIZARD SPIDER was using an?email address to register a set of domain names that resolved to a single IP address.??

Another tough week for Meta, the parent company of Facebook. Meta was fined $18.6M after several 2018 breaches of EU’s General Data Protection Regulation (GDPR.) The Irish Data Protection Commission handed out the fine. The security lapses affected up to 30 million Facebook users.?

Microsoft announced?that its Azure DevOps team?needed to partially rollback?the previous release of TLS 1.0/1.1 deprecation that was run on?Jan 31st, 2022. Microsoft says this was due to unexpected issues caused by the change. Here’s a?link?to a previous Microsoft blog post related to that release.

Cybersecurity firm Zimperium's annual?mobile threats report says data from its services shows that nearly a quarter of mobile devices encountered malware last year, while 13% had their data intercepted by a machine-in-the-middle attack and 12% were directed to a malicious website. Survey data also showed the volume of mobile threats is increasing and attackers are growing more sophisticated, with almost a third of zero-day attacks now targeting mobile devices.

That's a wrap. Check our blog for more information!