Latest Cyberthreats and Advisories - February 10, 2023
Cyberattacks wreak havoc on the U.K., LockBit brings big business to its knees and a massive VMware ransomware campaign. Here are the latest threats and advisories for the week of February 10, 2023.
Threat Advisories and Alerts
Massive Ransomware Campaign Targets VMware ESXi Servers
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a script for recovering VMware ESXi servers encrypted by the massive ESXiArgs ransomware campaign. The campaign began last week. At the time of writing, 2,800 servers are known to have been encrypted. As for the script, the U.S. cybersecurity organization has said, “CISA compiled this tool based on publicly available resources, including a tutorial by Enes Sonmez and Ahmet Aykac.” To avoid complications, CISA has warned users to understand how the script affects their systems before using it.
Atlassian Releases Patches for Critical Vulnerability in Jira Software
Australian software company Atlassian has released security patches to fix a critical vulnerability (CVE-2023-22501) in its Jira Service Management Server and Data Center. If successfully exploited, the vulnerability could allow cybercriminals to impersonate other users and obtain remote access to affected systems. The affected Jira versions are 5.3.0 to 5.3.1 and 5.4.0 to 5.5.0. Users and admins are advised to apply the appropriate patches immediately.
Source: https://www.csa.gov.sg/en/singcert/Alerts/al-2023-016
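As an added example (not part of the original advisory or of Atlassian's own tooling), the following Python check flags Jira Service Management hosts whose version string falls inside the affected ranges quoted above; the inventory list is constructed for illustration.

```python
from typing import List, Tuple

# Affected version ranges as published in the advisory (inclusive bounds).
AFFECTED_RANGES = (("5.3.0", "5.3.1"), ("5.4.0", "5.5.0"))


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '5.4.2' into (5, 4, 2) so versions compare numerically, not lexically
    ('5.10.0' must sort above '5.9.0')."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a numeric dotted version: {version!r}")
    return tuple(int(p) for p in parts)


def is_affected(version: str) -> bool:
    """True if the version lies inside one of the advisory's affected ranges.
    A trailing build component (e.g. '5.5.0.1') sorts above '5.5.0' and is
    therefore reported as outside the range; confirm such builds manually."""
    v = parse_version(version)
    return any(parse_version(low) <= v <= parse_version(high)
               for low, high in AFFECTED_RANGES)


# Constructed sample inventory: (hostname, product, installed version).
INVENTORY = [
    ("jira-prod-01", "Jira Service Management Data Center", "5.4.3"),
    ("jira-prod-02", "Jira Service Management Server", "5.5.1"),
    ("jira-dev-01", "Jira Service Management Server", "5.3.1"),
    ("wiki-01", "Confluence", "8.0.2"),  # different product, not in scope
]


def hosts_needing_patch(inventory: List[Tuple[str, str, str]]) -> List[str]:
    """Return hostnames running an affected Jira Service Management build."""
    return [host for host, product, ver in inventory
            if product.startswith("Jira Service Management") and is_affected(ver)]


if __name__ == "__main__":
    for host in hosts_needing_patch(INVENTORY):
        print(f"{host}: affected by CVE-2023-22501, patch immediately")
```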
Emerging Threats and Research
IT Professionals Fear ChatGPT Could Be Beginning of AI-Driven Cyberattacks
When audiences were introduced to Skynet’s nefarious artificial intelligence in the 1984 movie Terminator, the idea of AI-powered attacks probably seemed far-fetched. Tech professionals may be beginning to think differently. According to a BlackBerry survey of 1,500 IT decision makers, 51% of IT workers believe a cyberattack credited to ChatGPT is less than a year away. The report reveals respondents’ biggest fears are ChatGPT’s ability to help bad actors craft legitimate-sounding phishing emails (53%), improve their technical know-how (49%) and spread misinformation (49%).
Source: https://www.helpnetsecurity.com/2023/02/07/chatgpt-security-risks/
U.K. Metal Engineering Firm Suffers Cyberattack
Vesuvius, a U.K. metal flow engineering company, was recently hit with a cyberattack that led to unauthorized access to its systems. In a statement released earlier this week, the company said, “We are working with leading cybersecurity experts to support our investigations and identify the extent of the issue, including the impact on production and contract fulfillment.” Information on the type of attack, the systems affected and other details has yet to be revealed.
Source: https://www.infosecurity-magazine.com/news/uk-metalg-firm-vesuvius-cyberattack/
LockBit Claims Royal Mail Cyberattack
The notorious LockBit ransomware gang has publicly claimed responsibility for the cyberattack on the U.K.’s Royal Mail. The attack was first reported on January 10 and caused severe disruption to the postal operator’s international shipping services. LockBit claims to have stolen Royal Mail’s data and has threatened to publish it if its ransom isn’t paid. Royal Mail has yet to officially acknowledge that its “cyber incident” is a ransomware attack, but has resumed outbound international mail operations.
ION Trading Pays LockBit’s Ransom after Global Disruption to Its Business
U.K. software company ION Trading has reportedly paid a ransom to LockBit for an attack it suffered on January 31. ION has been removed from LockBit’s data leak site and a spokesperson for the criminal group said the ransom was paid the day before its due date by a “very rich unknown philanthropist.” While paying ransoms to cybercriminals is typically discouraged, the incident was impacting ION’s clients on a global scale. Ian McShane, vice president of Arctic Wolf, said, “The cyber attack on the ION Group demonstrates how attackers can use the supply chain to cripple entire industries.”
Canada’s Indigo Suffers Web Outage After “Cybersecurity Incident”
Canadian books and music retailer Indigo has, like Royal Mail, suffered a “cybersecurity incident” that has affected customer orders in-store and online. The company remains quiet about the details of the incident, but David Masson, director of enterprise security at cybersecurity firm Darktrace, was reported by CBC News to have suggested that the sheer length of the outage indicates it wasn’t an internal error but rather an instance of ransomware. At the time of writing, the website remains down, showing an English/French static page that apologizes for the inconvenience while the company tries to get its systems back online.
Source: https://www.cbc.ca/news/business/indigo-cybersecurity-1.6742230
To stay updated on the latest cybersecurity threats and advisories, look for weekly updates on the (ISC)² blog. Please share other alerts and threat discoveries you’ve encountered and join the conversation on the (ISC)² Community Industry News board.