
Latest Cyberthreats and Advisories - January 27, 2023

Jan 27, 2023

Threat alerts from national cybersecurity agencies, gaming developer attacks and the Mailchimp/FanDuel breach: here are the latest threats and advisories for the week of January 27, 2023.

Threat Advisories and Alerts 

CISA Publishes Report to Help Protect Schools from Cyberthreats 

The recent surge in cyberattacks against the education sector has led the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to release a report addressing the issue. The COVID-19 pandemic made educational institutions increasingly vulnerable to cyberthreats, as virtual learning became widespread and led to the rapid adoption of new and untested technologies. The report, titled “Partnering to Safeguard K-12 Organizations from Cybersecurity Threats,” provides insight into today’s threat landscape as well as recommendations and resources to protect schools.

Source: https://www.cisa.gov/uscert/ncas/current-activity/2023/01/24/cisa-releases-protecting-our-future-partnering-safeguard-k-12   

Russian and Iranian Groups Targeting UK Agencies and Media 

The U.K. National Cyber Security Centre (NCSC) has issued an advisory highlighting the tactics and techniques being used by Russia-based threat actor SEABORGIUM and Iran-based group TA453. Attacks linked to these groups in the UK have targeted specific sectors and individuals related to politics, including academia, defense, governmental organizations, non-governmental organizations (NGOs) and think-tanks, as well as politicians, journalists and activists. The advisory aims to raise awareness of this activity and identify the specifics of these actors’ spear-phishing techniques. 

Source: https://www.ncsc.gov.uk/news/spear-phishing-campaigns-targets-of-interest

ACSC Releases Profile on Royal Ransomware 

The Australian Cyber Security Centre (ACSC) has published an advisory profiling Royal Ransomware, which was first seen in September of 2022 and has reportedly been involved in cyberattacks on at least 70 organizations worldwide. The perpetrators behind the attacks are believed to be Russian-speaking cybercriminals. The calling cards of their attacks include callback phishing, the exploitation of unpatched vulnerabilities and double extortion ransomware, which consists of the encryption of victims’ data and threats to sell or publish it if the criminals’ demands are unmet.  

Source: https://www.cyber.gov.au/acsc/view-all-content/advisories/2023-01-acsc-ransomware-profile-royal    

New NCSC Report Details Cybersecurity Risks for Charities  

A new report released by the U.K. National Cyber Security Centre (NCSC) outlines the potential threats charities face in 2023. Charities are especially vulnerable to attackers because they often have fewer funds and skilled personnel available for cybersecurity and often operate bring your own device (BYOD) policies, which raises the risk of security gaps. The report includes case studies that reveal how devastating attacks can be for charities, along with recommendations to stay protected.

Source: https://www.ncsc.gov.uk/news/charities-offered-latest-insight-into-key-cyber-threats-to-help-keep-out-attackers   

 

Emerging Threats and Research 

Apple Releases Patches for Actively Exploited Flaw Affecting Older Devices 

Apple has backported patches for critical vulnerability CVE-2022-42856 after seeing evidence of its active exploitation. The security bug is a type confusion flaw in the WebKit browser engine that could lead to arbitrary code execution. In an advisory published earlier this week, the tech giant said, “Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.” Security updates have been released for macOS, iPadOS, iOS and watchOS.  

Source: https://www.helpnetsecurity.com/2023/01/24/cve-2022-42856-ios-v12/   

Bad Actors Demand $10 Million Ransom from Riot Games 

California-based gaming developer Riot Games is facing a $10 million ransom demand. Threat actors breached the game developer’s systems last week and stole the source code for the upcoming League of Legends video game. Riot Games has refused to pay the ransom and instead is investigating the attack with the help of consultants and law enforcement. The breach is expected to delay the company’s upcoming patch cadence.  

Source: https://www.bleepingcomputer.com/news/security/riot-games-receives-ransom-demand-from-hackers-refuses-to-pay/    

Mailchimp Breach Leads to Theft of FanDuel Customer Information 

Late last week, U.S. online gambling company FanDuel revealed that the recent breach suffered by its vendor Mailchimp enabled a threat actor to steal the names and email addresses of FanDuel customers. While the theft of this type of information isn’t overly alarming, it could be used in potential phishing attacks. Security researcher Graham Cluley urged FanDuel users to be vigilant and enable two-factor authentication to protect their accounts.  

Source: https://www.darkreading.com/application-security/fanduel-sportsbook-bettors-exposed-in-mailchimp-breach   

Grand Theft Auto V Flaw Could Infect Players’ PCs with Malware 

A security bug (CVE-2023-24059) has been found within the PC edition of Grand Theft Auto V (GTA V) that could allow partial remote code execution (RCE). If attackers eventually achieve full RCE, they could infect victims’ devices with malware. The game’s Reddit community has urged players to avoid playing GTA V while the security flaw is active.  

Source: https://www.itpro.co.uk/security/vulnerability/369913/gta-v-vulnerability-exposes-pc-users-to-remote-code-execution-attacks   

 

To stay updated on the latest cybersecurity threats and advisories, look for weekly updates on the (ISC)² blog. Please share other alerts and threat discoveries you’ve encountered and join the conversation on the (ISC)² Community Industry News board.