LATEST CYBERTHREATS AND ADVISORIES - MARCH 24, 2023
FBI arrests Breached hacking forum leader, smartphones hijacked without any user involvement and 330,000 customers compromised in Australia by a data breach. Here are the latest threats and advisories for the week of March 24, 2023.
Threat Advisories and Alerts
CISA and FBI Release Advisory on LockBit Ransomware
The U.S. Federal Bureau of Investigation (FBI) and U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) #StopRansomware campaign continued last week, this time with an advisory on today’s most notorious ransomware gang: LockBit. The group’s prolific attack spree has accounted for 52% of all ransomware attacks worldwide and has struck major organizations such as Royal Mail, Accenture and Ion Trading. LockBit 3.0 operates on a Ransomware-as-a-Service (RaaS) model, with affiliates deploying the malware. The advisory shares indicators of compromise and mitigations to reduce the likelihood and impact of an attack.
Attackers Hijack Samsung, Google and Vivo Phones Without User Interaction
Up to 18 vulnerabilities have been reported in Samsung’s Exynos chipsets, which are used in various models of Google Pixel, Samsung Galaxy and Vivo phones. Four of those flaws allow attackers to fully compromise affected devices and silently achieve remote code execution with no user interaction; all the attacker needs is the victim’s phone number. Until patches are released, users can protect themselves by turning off Voice-over-LTE (VoLTE) and Wi-Fi calling in their device settings.
Emerging Threats and Research
U.K. Ransomware Attacks Rise 17% in 2022
While ransomware incidents declined globally in 2022, attacks increased by 17% in the U.K., according to a new report by cybersecurity company Jumpsec. The notorious ransomware gang LockBit was responsible for over 30% of the attacks, with Karakurt and Vice Society committing their share of incidents as well. However, Jumpsec researcher Sean Moran argued that less emphasis should be placed on individual ransomware gangs: “Threat actors may operate using multiple ransomware strains and groups can disappear, rebrand and re-emerge often without consequence – making it unwise to put too much weight on the changing fortunes of any individual group.” Instead, Moran advised that companies focus on building cyber resilience.
Breached Hacking Forum Goes Down Along with Founder
With last week’s arrest of Breached hacking forum founder Conor Brian Fitzpatrick (who goes by the alias Pompompurin), the cybercrime meeting ground itself was the next domino to fall. The remaining administrator, known as Baphomet, has permanently shut down the site out of concern that the FBI has infiltrated its infrastructure. Breached was a hotbed of criminal activity: the site and its members were involved in data leaks, extortion attempts and high-profile breaches at global companies including Acer, Twitter and Activision.
Data Stolen from 330,000 Customers in Latitude Breach
Melbourne’s Latitude Financial Services was hit by a breach affecting roughly 330,000 customers, and the number of victims is likely to grow because the attack is ongoing. In response, the financial services company has taken its systems offline, disrupting its services. Around 96% of the stolen data consisted of driver’s licenses or license numbers. The Australian Federal Police (AFP), the Australian Cyber Security Centre (ACSC) and other government agencies are investigating the incident.
Critical Infrastructure Targeted Via Zero-Day Vulnerability
Energy giant Hitachi Energy is pointing to a zero-day vulnerability in managed file transfer (MFT) software as the weakness that allowed a ransomware gang to target the company. In a press release, Hitachi Energy said the Cl0p ransomware gang exploited the GoAnywhere product and may have gained unauthorized access to employee data in some countries. The company says it has found no evidence that its network operations or customer data were compromised, but Cl0p has named it as a victim on its website, suggesting the gang has stolen data that it intends to publish in due course.
To stay updated on the latest cybersecurity threats and advisories, look for weekly updates on the (ISC)² blog. Please share other alerts and threat discoveries you’ve encountered and join the conversation on the (ISC)² Community Industry News board.