Latest Cyberthreats and Advisories - February 17, 2023
Romance scams, high-profile attacks on major U.S. companies and an inside look at Royal Mail/Lockbit negotiations. Here are the latest threats and advisories for the week of February 17, 2023.
U.S. and South Korean Governments Publish Advisory on Healthcare Cyberattacks
In light of the rise in ransomware attacks on U.S. and South Korean healthcare networks, a group of six government agencies, including the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Republic of Korea (ROK) National Intelligence Service (NIS), released a joint advisory highlighting the trend. North Korean state-sponsored actors, who are believed to be behind the attacks, demand payment in cryptocurrency and reportedly use their earnings to fund further cyber operations against the U.S. and South Korean governments. The advisory provides advice on mitigation actions.
Source: https://www.cisa.gov/uscert/ncas/alerts/aa23-040a
Apple Zero-Day Vulnerability Being Actively Exploited in the Wild
Earlier this week, Apple rolled out patches for a zero-day vulnerability (CVE-2023-23529) reportedly being actively exploited in the wild. The vulnerability is a type confusion flaw in WebKit impacting the company’s iPhone, iPad and Mac products. If successfully exploited, the security bug could allow arbitrary code execution. Users are advised to apply the updates immediately.
Source: https://www.csa.gov.sg/en/singcert/Alerts/al-2023-017
Emerging Threats and Research
LockBit Releases Transcript of Entire Royal Mail Ransom Negotiation
The Royal Mail/LockBit saga continued this week as the prolific cybergang leaked a transcript of its entire negotiation with the U.K.’s postal operator. The rare look into such a high-profile negotiation has revealed that LockBit originally asked for £65 million but later discounted the ransom 12.5% to roughly £57.4 million. Royal Mail balked at the high number, pointing out that LockBit had mistaken the postal service for a larger enterprise. The transcript was leaked mere days after Royal Mail failed to meet LockBit’s ransom payment deadline of last Thursday.
Flood of Phishing Emails Hit Namecheap Customers’ Inboxes
Customers of the popular domain name registrar Namecheap have been hit with a flood of phishing emails impersonating MetaMask and DHL. The phony emails attempted to dupe users into sharing their personal information or secret recovery phrase for their crypto wallet. While Namecheap’s systems were not breached, the incident may have occurred due to a security issue at one of the company’s third-party vendors.
Source: https://www.helpnetsecurity.com/2023/02/13/dhl-metamask-phishing-namecheap/
Sensitive Data Stolen in Pepsi Bottling Ventures Breach
Pepsi Bottling Ventures, the largest bottler of Pepsi-Cola drinks in the U.S., suffered a breach after cybercriminals installed info-stealing malware on the company’s IT systems. The incident occurred on or around December 23, 2022 but wasn’t noticed until January 10, 2023. While the beverage company took quick action to contain the breach, a haul of personal and financial information was stolen, including social security numbers, passport information, digital signatures, PIN codes and driver’s license numbers.
Source: https://www.theregister.com/2023/02/14/pepsi_bottling_malware/
Cloudflare Thwarts Record-Breaking DDoS Attack
Web-infrastructure company Cloudflare mitigated a wave of hyper-volumetric DDoS attacks over the past weekend. “The majority of attacks peaked in the ballpark of 50–70 million requests per second (rps) with the largest exceeding 71 million rps. This is the largest reported HTTP DDoS attack on record,” the company explained in a blog post. The incident highlights a recent trend of DDoS attacks, which have been on the rise since late last year.
Source: https://www.infosecurity-magazine.com/news/largest-https-ddos-attack-record/
U.S. Romance Scams Rob 70,000 Victims of $1.3 Billion
The U.S. Federal Trade Commission (FTC) may have spoiled this week’s Valentine’s Day celebration by reporting that romance scams resulted in $1.3 billion in losses in 2022—claiming nearly 70,000 victims. How do the scams work? Bad actors lure victims in via social media platforms like Facebook and Instagram, then manipulate them into sending money. The FTC advises that requests to send gift cards, money and cryptocurrency should be considered red flags of a scam.
To stay updated on the latest cybersecurity threats and advisories, look for weekly updates on the (ISC)² blog. Please share other alerts and threat discoveries you’ve encountered and join the conversation on the (ISC)² Community Industry News board.