Latest Cyberthreats and Advisories - December 16, 2022

Dec 16, 2022

The rise of new ransomware gangs, cyberattacks on Uber and California’s Department of Finance make headlines this week. Here are the latest threats and advisories for the week of December 16, 2022.

Threat Advisories and Alerts

U.K. Government Sets New Standards for App Security

The U.K. government has requested that app store developers and operators voluntarily follow a code of practice to protect consumers from malicious apps and actors. The code consists of eight principles, including requests to keep apps up-to-date, implement a vulnerability disclosure process, provide clear feedback to developers and more. The guidance comes at a time when news of malicious apps regularly appears in the headlines.

Source: https://www.gov.uk/government/consultations/app-security-and-privacy-interventions/outcome/government-response-to-the-call-for-views-on-app-security-and-privacy-interventions#section-2-code-of-practice-principles  

APT5 Threat Group Actively Exploits Citrix Vulnerability

Citrix has released a patch for a critical vulnerability (CVE-2022-27518). The security flaw affects Citrix ADC and Citrix Gateway versions 13.0 before 13.0-58.32 and 12.1 (including NDcPP and FIPS). The China-linked threat group APT5 has taken notice of the vulnerability. According to the National Security Agency (NSA), the group has been actively exploiting it to breach organizations.

Source: https://www.darkreading.com/attacks-breaches/citrix-adc-gateway-users-race-against-hackers-patch-critical-flaw
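For defenders triaging an advisory like this one, the practical task is deciding which appliances in an inventory are still on an affected build. The script below is an added example written for this post; it is not code from (ISC)², Citrix or the NSA. It assumes Citrix ADC/Gateway build strings follow the `major.minor-build.sub` shape used in the advisory text above ("13.0-58.32"), compares them numerically rather than as text, and encodes only what this page states: 13.0 builds before 13.0-58.32 are affected, and 12.1 (including NDcPP and FIPS) is listed as affected without a fixed build given here, so those hosts are flagged for review against the vendor advisory. The inventory it checks is constructed sample data.

```python
import re

# Fixed build stated on this page for the 13.0 branch (CVE-2022-27518).
FIXED_13_0 = "13.0-58.32"

# Citrix ADC/Gateway build strings look like "13.0-58.32": major.minor-build.sub
# (assumed format, derived from the notation used in the advisory text).
BUILD_RE = re.compile(r"^(\d+)\.(\d+)-(\d+)\.(\d+)$")


def parse_build(version: str) -> tuple[int, int, int, int]:
    """Turn '13.0-58.32' into (13, 0, 58, 32) so comparisons are numeric."""
    match = BUILD_RE.match(version.strip())
    if not match:
        raise ValueError(f"unrecognised Citrix ADC/Gateway build string: {version!r}")
    return tuple(int(part) for part in match.groups())  # type: ignore[return-value]


def assess(version: str) -> str:
    """Classify one build string against what the advisory text on this page states.

    Returns one of:
      'affected'   - 13.0 build older than 13.0-58.32
      'patched'    - 13.0 build at or above 13.0-58.32
      'review'     - 12.1 branch (listed as affected here, fixed build not given on this page)
      'not-listed' - branch not mentioned in the advisory text above
    """
    parsed = parse_build(version)
    branch = parsed[:2]
    if branch == (13, 0):
        return "affected" if parsed < parse_build(FIXED_13_0) else "patched"
    if branch == (12, 1):
        return "review"
    return "not-listed"


def triage(inventory: dict[str, str]) -> dict[str, str]:
    """Map hostname -> assessment for a {hostname: build} inventory."""
    return {host: assess(build) for host, build in inventory.items()}


def naive_string_compare_is_wrong(version: str) -> bool:
    """Show why text comparison must not be used: '9' sorts after '5', so a
    lexicographic check would call an old 13.0-9.x build 'patched'."""
    return (version < FIXED_13_0) != (parse_build(version) < parse_build(FIXED_13_0))


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample_inventory = {
        "adc-edge-01": "13.0-58.31",
        "adc-edge-02": "13.0-58.32",
        "adc-lab-03": "13.0-9.100",
        "gw-fips-04": "12.1-55.200",
        "gw-new-05": "13.1-33.47",
    }
    for host, verdict in triage(sample_inventory).items():
        print(f"{host:12} {sample_inventory[host]:12} {verdict}")
```

The `naive_string_compare_is_wrong` helper exists because this is the classic mistake in ad hoc patch audits: comparing build strings with `<` on text makes "13.0-9.100" look newer than "13.0-58.32". Hosts returned as `review` or `not-listed` still need the vendor advisory consulted; the script deliberately does not guess fixed builds the page does not state.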

Patches Released for Critical Vulnerability in Fortinet’s FortiOS

Fortinet has issued security updates for a critical vulnerability (CVE-2022-42475) in FortiOS SSL-VPN that is reportedly being actively exploited in the wild. If the flaw is successfully exploited, it could allow unauthenticated users to execute arbitrary code and crash devices remotely. Users and admins are urged to apply the patches immediately.

Source: https://www.csa.gov.sg/singcert/Alerts/al-2022-080

Emerging Threats and Research

LockBit Ransomware Gang Attacks California’s Finance Department

California’s Cybersecurity Integration Center (Cal-CSIC) confirmed on Monday that the state’s finance department was hit by a cyberattack. Ransomware gang LockBit claims to be behind the attack, writing in their blog that they’ve stolen 76GB of data, including financial and IT documents, confidential data, databases and “sexual proceedings in court.” The gang has threatened to publish the files unless the Department of Finance pays the ransom by Christmas Eve.

Source: https://www.infosecurity-magazine.com/news/california-hit-by-alledged-lockbit/

Uber Breach Exposes Sensitive Employee and Company Data

Ride-hailing company Uber suffered a data leak this past weekend that exposed sensitive information of more than 77,000 employees. The incident occurred when one of Uber’s third-party vendors, Teqtivity, was compromised by a threat actor who goes by the name ‘UberLeaks.’ In addition to employee information, ‘UberLeaks’ claims to have also stolen source code and IT asset management reports along with other sensitive corporate information.

Source: https://www.itpro.co.uk/security/data-breaches/369706/uber-says-compromised-third-party-to-blame-for-data-breach

Royal Ransomware Gang Targets US Healthcare Industry

The U.S. Department of Health and Human Services (HHS) has warned healthcare organizations that the Royal ransomware group is targeting their industry. The ransomware gang, which emerged this year, uses the double extortion method to threaten victims: data encryption plus public exposure of the stolen data if the ransom goes unpaid. Typical ransoms demanded by Royal range from $250,000 to more than $2 million.

Source: https://www.theregister.com/2022/12/09/royal_ransomware_hhs_warning/

Ransomware Attack Rocks Belgian City of Antwerp

The new ransomware operation known as Play has claimed responsibility for a cyberattack on Antwerp, Belgium. The incident occurred last week when the company that manages Antwerp’s IT systems was hit with ransomware, causing significant disruption to the city. Some email and phone services have gone down and many services, like the library and job applications, have become delayed or unavailable.

Source: https://www.bleepingcomputer.com/news/security/play-ransomware-claims-attack-on-belgium-city-of-antwerp/

To stay updated on the latest cybersecurity threats and advisories, look for weekly updates on the (ISC)² blog. Please share other alerts and threat discoveries you’ve encountered and join the conversation on the (ISC)² Community Industry News board.