Ransomware hits hard around the world – again, Cybercriminals steal food and Fortnite’s developer is fined millions. Here are the latest threats and advisories for the week of December 23, 2022. 

Threat Advisories and Alerts 

Criminal Actors Use BEC Attacks to Steal Large Food Shipments  

Three U.S. government agencies – The Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal Investigations (FDA OCI) and the U.S. Department of Agriculture (USDA) – have issued a joint warning to food suppliers that their industry is seeing an uptick in business email compromise (BEC) attacks. Criminal actors are impersonating legitimate companies to order shipments of food valued at hundreds of thousands of dollars. The catch? The threat actors never pay their bill. The cybercriminals often repackage the food without concern for sanitation, expiration dates or food safety, causing damage to their victims’ reputations.  

Source: https://www.ic3.gov/Media/News/2022/221216.pdf    

Why Organizations (Not Employees) Should Take Ownership of Phishing 

Organizations often rely too heavily on employees to prevent phishing attacks. According to a new blog post by the U.K. National Cyber Security Centre (NCSC), spotting phishing attacks is not the job of employees. Companies should own the problem. They can do that by implementing multi-factor authentication (MFA) for all staff members, device-based passwordless authentication with a FIDO token and eliminating threats in advance with web proxies and email scanning. 

Source: https://www.ncsc.gov.uk/blog-post/telling-users-to-avoid-clicking-bad-links-still-isnt-working   

Guardian Newspaper Hit by Ransomware Attack 

U.K.-based print and online newspaper The Guardian has been hit by a ransomware attack that has impacted several systems at its headquarters.  

The company said it was continuing to publish globally to its website – one of the most visited news sites in the world – and was “confident” it could still print the physical paper. Staff have been told not to go into the office and to work from home. 

Source: https://www.bbc.co.uk/news/technology-64056300   

Emerging Threats and Research 

FTC And Fortnite Creator Reach $520 Million Settlement  

Epic Games, the studio behind the popular Fortnite video game, will pay hundreds of millions of dollars to the U.S. Federal Trade Commission (FTC) to settle two allegations. The first is a $275 million fine for violating privacy laws relating to children. The second is a sum of $245 million to reimburse customers who were duped into making accidental in-game purchases and for allowing children to buy in-game content without parental or card holder consent. 

Source: https://thehackernews.com/2022/12/ftc-fines-fortnite-maker-epic-games-275.html   

$300,000 Stolen in DraftKings Cyberattack 

DraftKings has revealed that last month’s credential stuffing attack exposed the personal information of 67,995 customers. According to the sports betting giant, the credentials used to login to customers’ accounts were obtained from a source outside DraftKings. Up to $300,000 in customer funds were stolen during the incident, which the company has since refunded. While there’s no evidence that financial account numbers, driver’s license numbers or social security numbers were accessed, attackers could have viewed the phone numbers, email addresses and other personal information of account holders.  

Source: https://www.bleepingcomputer.com/news/security/draftkings-warns-data-of-67k-people-was-exposed-in-account-hacks/   

McGraw Hill Exposes Personal Info of 100,000 Students  

The information of more than 100,000 students was exposed in an IT setup error by McGraw Hill. The education company misconfigured Amazon Web Services S3 buckets that contained over 117 million files and more than 22TB of data. The exposed information included performance reports, grades, course reading material and teachers’ syllabi for schools like University of Michigan, John Hopkins University and University of Toronto.   

Source: https://www.theregister.com/2022/12/20/mcgraw_hills_s3_buckets_exposed/   

Play Ransomware Hits German Hotel Chain 

After disrupting the city of Antwerp’s IT systems a few weeks ago, the Play ransomware group has struck again. This time the German hotel chain H-Hotels is the victim. The hospitality company has experienced communication outages, but guest bookings haven’t been impacted. While Play claims to have stolen passports, IDs and other personal data in the attack, H-Hotels has stated there is “no evidence that relevant or personal data could be stolen by the cyber attack.”  

Source: https://www.bleepingcomputer.com/news/security/play-ransomware-claims-attack-on-german-hotel-chain-h-hotels/   

Survey Reveals Burnout Runs Rampant in Cybersecurity Industry 

A new survey by Norwegian security vendor Promon has shared alarming statistics about employee burnout in the cybersecurity industry. This past year, two-thirds of professionals have experienced burnout. Workload was cited as the biggest source of stress, followed by management issues, bad relationships with colleagues, poor access to required tools and low pay.   

Source: https://www.infosecurity-magazine.com/news/twothirds-security-burnt-out-past/   

 

To stay updated on the latest cybersecurity threats and advisories, look for weekly updates on the (ISC)² blog. Please share other alerts and threat discoveries you’ve encountered and join the conversation on the (ISC)² Community Industry News board. The next edition of this update will be on January 6, 2023. Happy Holidays!