Latest Cyberthreats and Advisories - December 9, 2022
Chinese actors attack North America, Cuba ransomware and vendors start their predictions for 2023… Here are the latest threats and advisories for the week of December 9, 2022.
Threat Advisories and Alerts
CISA Sounds the Alarm on Cuba Ransomware
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint advisory about Cuba ransomware. Although the ransomware references the Republic of Cuba, there is no indication that the threat actors have any connection to the country. Five critical U.S. infrastructure sectors continue to be the target of attacks: Healthcare and Public Health, Government Facilities, Financial Services, Critical Manufacturing and Information Technology. Thus far, Cuba ransomware actors have extorted $60 million in ransom payments from victims and compromised more than 100 entities worldwide. The advisory contains details about the attacks and guidance on ways to mitigate them.
Source: https://www.cisa.gov/uscert/ncas/alerts/aa22-335a
Google Releases Updates for Another Chrome Zero-Day Vulnerability
Google’s Chrome web browser has been hit with yet another zero-day vulnerability, its ninth of the year. The high-severity flaw (CVE-2022-4262) is reportedly being actively exploited in the wild. Attackers can weaponize the vulnerability to execute arbitrary code or crash the browser application. Patches have been released for the flaw, and Chrome users are urged to update their browsers immediately.
Source: https://thehackernews.com/2022/12/google-rolls-out-new-chrome-browser.html
U.K. Government Seeks Industry Input on Cyber Strategy
The Department for Culture, Digital, Media and Sport (DCMS), the U.K. government department responsible for cybersecurity, has called for more industry input into cybersecurity policymaking. Speaking at Black Hat Europe, Irfan Hemani, deputy director for cyber security at DCMS, detailed plans to solicit feedback via consultation on its policy plans for software security, enterprise IoT, professional qualifications, cybersecurity as part of business resilience and semiconductor security by design.
Source: https://www.infosecurity-magazine.com/news/government-industry-input/
Emerging Threats and Research
Rackspace Ransomware Attack Causes Email Outage
Cloud computing provider Rackspace has confirmed a ransomware attack is responsible for its recent email outage. The attack occurred last Friday when suspicious activity was detected in the company’s Hosted Exchange environment. As noted in a company press release, Rackspace believes the incident “was isolated to its Hosted Exchange business.” The company has yet to determine if any customer data was accessed by attackers.
Source: https://www.theregister.com/2022/12/06/rackspace_confirms_ransomware/
Norton Predicts Economic Uncertainty to Impact 2023 Cybercrime Trends
With 2022 coming to a close, Norton has released its top cybertrends to watch in 2023. The anti-malware software company believes economic uncertainty will have the biggest impact on cybercrime next year. Norton predicts not only more breaches as bad actors develop increasingly sophisticated attacks, but also that scammers will prey on vulnerable groups, like short-staffed companies, emotionally unstable consumers and people who rely on government assistance.
Source: https://www.helpnetsecurity.com/2022/12/06/economic-uncertainty-cybercrime/
Canada’s Amnesty International Attacked by Suspected Chinese Actors
The Canadian branch of Amnesty International disclosed a breach that occurred this past October. An investigation linked the attack to Chinese state-sponsored actors, as evidenced by the cybercriminals’ behaviors, which match those of common Chinese state actors. The breach comes as no surprise, as Amnesty International regularly reports on human rights violations of the Chinese government.
Cyberattack Disrupts French Hospital’s Operations
The André-Mignot hospital located in the Parisian suburb of Versailles was hit by a cyberattack this past Saturday evening. The attack forced the 700-bed hospital offline, leaving the medical center no choice but to cancel all operations and transfer some patients to nearby hospitals. Ransomware looks to be involved. If it is, the incident will be the second major ransomware attack on a hospital near Paris within four months. The Centre Hospitalier Sud Francilien suffered a $10 million ransomware attack in September.
Source: https://www.infosecurity-magazine.com/news/french-hospital-halts-operations/
Chinese Cybercriminals Steal U.S. COVID Funds
Chinese state-sponsored actors have stolen $20 million from U.S. government coronavirus relief funds, including money intended for unemployed workers and businesses. The U.S. Secret Service believes China’s notorious APT41 cybergang is behind the attacks. While a portion of the stolen $20 million has been recovered, it’s just a drop in the ocean compared to the total amount of U.S. coronavirus fund fraud losses. Estimates reach more than $500 billion.
To stay updated on the latest cybersecurity threats and advisories, look for weekly updates on the (ISC)² blog. Please share other alerts and threat discoveries you’ve encountered and join the conversation on the (ISC)² Community Industry News board.