The U.S. government takes down another dark web forum, Western Digital suffers a cyberattack and the fastest acting ransomware to date. Here are the latest threats and advisories for the week of April 7, 2023.  

By John Weiler 

Threat Advisories and Alerts 

Websites Built with Elementor Pro and WooCommerce under Attack  

Millions of WordPress websites using the popular Elementor Pro website builder and the WooCommerce plugin have been exposed to a serious security vulnerability. The flaw, which affects Elementor Pro versions 3.11.6 and earlier, allows malicious actors to change the default user privileges to include administrator access. The vulnerability was patched in a March 22 update, but the number of reported incidents indicates that most website administrators have yet to install it. 

Rorschach Ransomware: One of the Fastest and Most Sophisticated Strains Yet  

Cybersecurity researchers have found a new ransomware strain called Rorschach that is extraordinarily sophisticated and faster at encrypting data than any other documented strain. Once a system is infected, Rorschach works to replicate itself across a network and cover its tracks. It also employs several situational features that the ransomware controller can use to alter its trajectory. In one controlled test, LockBit ransomware encrypted a drive in seven minutes, while Rorschach encrypted the same drive in four and a half minutes. 

Emerging Threats and Research 

Dozens Arrested as FBI Targets Genesis Market Cybercrime Forum  

The U.S. Federal Bureau of Investigation (FBI) has taken down yet another illicit invitation-only marketplace popular among cybercriminals. Just two weeks after seizing the infamous Breached hacking forum , the FBI has commandeered domains associated with Genesis Market, which peddled stolen usernames, passwords and other private data. The sting was named Operation Cookie Monster and also involved the arrest of several dozen U.S.-based and international website administrators and contributors.   

Western Digital’s My Cloud Service Goes Down after Security Breach  

Western Digital, the California-based hard drive and flash storage maker, has announced that it was breached by an unauthorized party. The network security incident was first discovered on March 26 and announced earlier this week. The investigation is still in its early stages. As such, Western Digital has yet to divulge any details on what data or systems threat actors were able to access. One likely candidate is My Cloud, the company’s cloud-linked, network-attached storage (NAS) service. It suffered a significant outage after the announcement of the cyberattack.  

U.K. Outsourcing Giant Hit by Cyberattack That Downs Microsoft 365  

A prominent business process outsourcing firm in the U.K. revealed that a cyberattack disrupted access to its Microsoft Office 365 applications. More than 50,000 specialists and contractors work for Capita, which provides services to the U.K.’s National Health Service, the government’s military infrastructure, London’s public transport network and more. Capita first described the outage on March 31 as an ‘IT issue’ but later admitted it was the result of a cyberattack. The firm claims that, as of yet, there is no evidence of cybercriminals gaining access to customer, supplier or staff data.  

Vulnerabilities in Smart Speakers Could Enable Remote Access  

A team of information security researchers have demonstrated the viability of what they’re calling a Near-Ultrasound Inaudible Trojan (NUIT). This novel cyberattack involves threat actors creating and broadcasting inaudible sounds that grant remote access and control to Apple’s Siri, Amazon’s Alexa, Microsoft’s Cortana and Google’s Assistant. Researchers are concerned that cybercriminals could embed sound bites into YouTube videos, music playlists or other trusted audio sources, thereby issuing silent commands to security systems, financial applications and private databases.   

To stay updated on the latest cybersecurity threats and advisories, look for weekly updates on the (ISC)² blog. Please share other alerts and threat discoveries you’ve encountered and join the conversation on the (ISC)² Community Industry News board.