Latest Cyberthreats and Advisories - January 6, 2023

Jan 06, 2023

The LockBit ransomware gang apologizes, Google settles privacy lawsuits and cybercriminals impersonate brands and the U.K. government. Here are the latest threats and advisories for the week of January 6, 2023.

Threat Advisories and Alerts

Cybercriminals Impersonate Brands with Search Ads And Fake Sites

The U.S. Federal Bureau of Investigation (FBI) has issued a warning that cybercriminals are directing internet browsers to malicious sites via search ads. How does the scam work? Bad actors build a fake website that impersonates a legitimate brand and then advertise it so that it appears at the top of search results. Once browsers click the ad, the malicious site prompts them to enter login credentials or financial information, or to download ransomware that’s disguised as a program.

Source: https://www.ic3.gov/Media/Y2022/PSA221221

Top Six U.K. Government Impersonation Scams of 2022

As 2023 kicks into gear, the U.K.’s National Cyber Security Centre (NCSC) has looked back at the past 12 months to reveal the top six government email impersonation scams that were taken down. The imitated organizations include the National Health Service (NHS), HM Revenue & Customs (HMRC), TV Licensing, gov.uk (the primary domain for many U.K. government services and web pages), Ofgem and the DVLA (the U.K. vehicle and driver licensing body). The NCSC received more than 6.4 million reports of potential scams in 2022 and took down 67,300 fraudulent URLs. To protect against these cyberthreats, the NCSC urges consumers to implement two-step verification, shop at trusted retailers and use secure payment methods like a major credit card or PayPal.

Source: https://www.ncsc.gov.uk/news/ncsc-reveals-top-government-email-impersonation-scams-taken-down-in-2022

Emerging Threats and Research

LockBit Ransomware Gang Apologizes for Attack on Children’s Hospital

The notorious LockBit ransomware group has offered an apology and a free decryption key to undo a ransomware attack that hit Toronto’s Hospital for Sick Children on December 18, 2022. The gang said the attack was by one of its affiliates who violated LockBit’s policy on targeting medical institutions where ransomware encryption could lead to death. LockBit released a statement addressing the issue, saying, “We formally apologize for the attack on sickkids.ca and give back the decryptor for free, the partner who attacked this hospital violated our rules, is blocked and is no longer in our affiliate program.”

Source: https://www.infosecurity-magazine.com/news/lockbit-ransomware-decryptor-kids/

Linux Trojan Attacks Outdated WordPress Sites

Vulnerabilities in 30 WordPress (WP) themes and plug-ins are being exploited by Trojan backdoor Linux malware. If WP sites use one of the outdated add-ons, they could be infected with rogue JavaScript that redirects visitors to malicious websites. While the malware is newly identified, the researchers who discovered it believe it may have been in existence for over three years.

Source: https://www.darkreading.com/attacks-breaches/wordpress-under-attack-from-new-linux-backdoor-malware

Google Settles Location Tracking Lawsuits for $29.5 Million

Google has settled two U.S. location tracking lawsuits filed in Washington, D.C. and Indiana for a total of $29.5 million. Karl Racine, the former attorney general of D.C. whose office filed suit, said Google’s behavior “made it nearly impossible for users to stop their location from being tracked.” The two lawsuits assert that Google used dark patterns, which they describe as employing “deceptive and unfair practices that makes it difficult for consumers to decline location tracking or to evaluate the data collection and processing to which they are purportedly consenting.”

Source: https://www.theregister.com/2023/01/03/google_tracking_settlements/   

Royal Ransomware Group Attacks Prominent Australian University

Queensland University of Technology (QUT), one of Australia’s largest universities, has suffered a cyberattack at the hands of the Royal ransomware gang – a criminal group that gained recent notoriety for targeting the U.S. healthcare industry. The university has experienced significant disruption from the attack, with some exams and courses being rescheduled to early February. While QUT says there’s no evidence of stolen data, Royal Ransomware has published ID cards, email communications and HR files that they claim were from the attack.

Source: https://www.bleepingcomputer.com/news/security/royal-ransomware-claims-attack-on-queensland-university-of-technology/  

Guardian Newspaper Still Struggling After Ransomware Attack

The U.K.-based Guardian newspaper is continuing to struggle to recover from a ransomware attack reported at the end of 2022. Guardian Media Group chief executive Anna Bateson sent a note on January 2, saying that all staff must continue to work from home until at least Monday 23rd January in the U.K., U.S. and Australia to give IT staff time to recover the affected systems. Production of the newspaper and its website has continued despite the issue.

Source: https://pressgazette.co.uk/publishers/guardian-ransomware-attack 

To stay updated on the latest cybersecurity threats and advisories, look for weekly updates on the (ISC)² blog. Please share other alerts and threat discoveries you’ve encountered and join the conversation on the (ISC)² Community Industry News board.