Infosec K2K Cyber News Of The Week - Friday 23rd February
Infosec K2K
Our cybersecurity experts protect your business and keep it secure in today’s ever-changing digital landscape.
Welcome to Infosec K2K’s Weekly News Update! As technology continues to advance, so do the risks associated with it. Every week, we gather the latest news and insights on cyber threats, data breaches, and other essential topics in the world of cyber security.
In the news this week
A joint study by Cyolo and the Ponemon Institute has revealed there are critical gaps in how organisations secure access to #OperationalTechnology (OT) environments. The study, which took a year to complete and is based on findings from a survey of 1,056 cyber security professionals, revealed many businesses were giving vendors and contractors remote access to their OT environments. 73% of firms said they had granted third-party access to OT environments, with some permitting access to an average of 77 third-party users.
Find out more on Cyolo :
A US government agency (which hasn’t been named) was the victim of a hack last week, after a threat actor exploited the administrative credentials of a former employee. The attacker gained entry into the agency’s network using a VPN, and accessed sensitive information including user credentials. The former employee’s credentials were obtained from a previous data breach, and were publicly available - the agency had failed to remove their account.
Find out more on SecurityWeek : https://www.securityweek.com/ex-employees-admin-credentials-used-in-us-gov-agency-hack/
The UK’s National Crime Agency (NCA) announced this week that it had obtained the source code of the ransomware gang #LockBit, and locked the gang out of its own website. As part of an international task force dubbed #OperationCronos, the NCA and other law enforcement agencies arrested two malicious actors in Poland and Ukraine, and froze more than 200 cryptocurrency accounts linked to the gang. Authorities have also released a decryption tool, providing relief to victims.
Find out more on The Hacker News : https://thehackernews.com/2024/02/lockbit-ransomware-operation-shut-down.html
The #Rhysida ransomware group has intensified its attacks on hospitals, power plants, and schools across Europe and the Middle East, with 77 institutions falling victim to them since May 2023. eSentire's Threat Response Unit has confirmed the authenticity of all of the victims listed on Rhysida’s dark web site. Rhysida operates as a Ransomware-as-a-Service provider, leasing tools to affiliates, and employs double extortion tactics, demanding hefty ransoms and threatening data exposure.
Find out more on Infosecurity Magazine :
A Russian-linked threat actor, TAG-70, is conducting a #CyberEspionage campaign targeting Roundcube webmail servers across Europe, focusing on government, military, and national infrastructure entities. Over 80 organisations have been targeted, with servers primarily located in Ukraine, Georgia, and Poland, although some targets have been identified in countries including Belgium, France, and Germany. The campaign employs sophisticated attack methods, including social engineering and exploiting #XSSvulnerabilities.
Find out more on Cybernews : https://cybernews.com/security/russian-cyber-espionage-campaign-target-email/
The Stats This Week
13,000
A cloud computing glitch left 13,000 customers of smart camera maker Wyze able to see into other customers’ homes. After an outage last week, users reported seeing the wrong thumbnails and watching strangers’ footage. The company has blamed the incident on ‘a third-party caching client library, the Amazon Web Services (AWS).’ This isn't Wyze's first cyber security incident - they had previous breaches in 2023 and 2019.
Find out more on Cybernews : https://cybernews.com/news/wyze-camera-breach-glitch-spying/
150,000
The #Anatsa banking trojan infiltrated over 150,000 Android devices across Europe via Google Play. In five campaigns, #CyberCriminals used dropper apps to bypass security measures and infect users in specific regions. The malicious apps masqueraded as PDF viewers and phone cleaners, with some accumulating over 100,000 downloads. Google has since removed all of the identified apps from their app store.
Find out more on BleepingComputer : https://www.bleepingcomputer.com/news/security/anatsa-android-malware-downloaded-150-000-times-via-google-play/
71%
A recent study from IBM has revealed a 71% surge in #CyberAttacks using valid user credentials in 2023. These attacks accounted for a third of all enterprise breaches. Cyber criminals are increasingly shifting from ransomware to infostealers, and IBM has observed a 266% rise in their use. Critical infrastructure faces heightened vulnerability, with 85% of attacks originating from #Phishing and credential abuse, and the rise of generative AI threatens to amplify these threats.
Find out more on Tech Monitor : https://techmonitor.ai/technology/cybersecurity/2023-ransomware-haul-1bn
Thoughts from Infosec K2K
The Cybersecurity and Infrastructure Security Agency (CISA) recently revealed that a threat actor had used the compromised account of a former employee to gain access to a US government organisation’s network. In the wake of this hack, it has become clear that ensuring proper Identity and Access Management (IAM) protocols is paramount - for both businesses and government organisations. The breach, which was only made possible by a former employee's administrative credentials being left active, underscores the critical need for IAM. By failing to deactivate the former employee's account, the organisation inadvertently granted access to threat actors, who were able to steal user data and post it on a dark web forum.
IAM solutions play a pivotal role in safeguarding organisations against unauthorised access and potential cyber threats. One of the biggest benefits of IAM solutions is that they provide organisations with greater control over user permissions, allowing them to limit access to only what is necessary for each user's role. One of the key lessons from this incident is the importance of promptly deactivating accounts of former employees. Failing to do so not only poses a significant security risk but also leaves organisations vulnerable to exploitation by malicious actors.
IAM solutions can include features such as automated account provisioning and deprovisioning, streamlining the process of managing user access and minimising the likelihood of human error. With cyber threats continuing to evolve and become more sophisticated, IAM is a fundamental part of any organisation’s cyber security strategy. By investing in IAM solutions such as the ones we offer here at Infosec K2K, businesses can effectively reduce the chance of unauthorised access, and protect their data from being exploited.
Read more about CISA’s findings here: https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-046a
Got questions about this week’s news? We’re here to help! Learn how best to bolster your cyber security defences by getting in touch with our expert team at Infosec K2K.
Stay updated on all things #CyberSecurityNews when you subscribe to our weekly newsletter by clicking 'Subscribe' at the top of this page!