Cybersecurity News Round-Up: Week of October 31, 2022
Hello and welcome back to our blog.
Let’s begin with the story pretty much everyone was talking this week: OpenSSL. Late last week, the makers of OpenSSL alerted the world about the real possibility its software was impacted by a critical vulnerability. Many entities, GlobalSign included, were very concerned about that the vulnerability could be the next Heartbleed. Fortunately the vulnerability was not as bad as everyone feared, however experts worldwide recommend patching it now.
Meanwhile, according to cybersecurity company Proofpoint, a “media content provider” has been compromised by a cybercriminal group. The company said this week that the cybercriminal group “TA569” impacted a media organization to spread SocGholish, a custom malware active since at least 2018. The media entity has not been named but is said to provide video content and advertising to major news outlets serving top markets including Boston, New York, Chicago, Miami and Washington, D.C. Curious minds certainly would love to know who the impacted party is but we may never know the whole story.
Australia is continuing to be impacted by massive cyber attacks. The latest entity impacted is the Australian Defence Department, which this week confirmed as many as 40,000 records are at risk. The attack was launched specfically against a communications platform, the ForceNet service, which is used by military personnel and public servants from the Defence Department.
A French-speaking cybercrime group targeting banks – especially those in Africa – and other organizations may have gotten away with as much as $30 million in four years. The cybercrime group dubbed “OPERA1ER,” employs a combination of high-quality spear phishing and off-the-shelf tools. Research from Group-IB says OPERA1ER has carried out more than 30 attacks targeting banks, financial services and telecommunications firms in at least 15 countries: Ivory Coast, Mali, Burkina Faso, Benin, Cameroon, Bangladesh, Gabon, Niger, Nigeria, Paraguay, Senegal, Sierra Leone, Uganda, Togo and Argentina.
The maker of Oreos and Ritz Crackers has settled an extended legal battle related to the NotPetya state-sponsored cyberattack back in 2017. Mondelez International and Zurich American Insurance have been battling for years after the snack giant claimed it suffered $100 million in losses from the attack, including more than 1,700 servers and 24,000 laptops. Despite this, Zurich American initially refused to cover the damage since Mondelez did not have explicit cyber insurance coverage. Details of the final settlement have not been disclosed. The lawsuit fueled debate over who should pay when businesses are hit with state-sponsored attacks.
Finally, the Red Cross is known worldwide as a symbol of help and peace. Now, the organization wants to create a digital emblem for cyberspace protection. The Red Cross announced on Thursday it is exploring such an emblem to alert potential attackers they have entered computer systems of the Red Cross or medical facilities. They view it as a “concrete step to protect essential medical infrastructure and the ICRC in the digital realm.” It sounds like an excellent concept. If it comes to fruition, let’s hope some hackers will abide.
That’s a wrap for the week. Have a great weekend!
Amy
Top Global Security News
AFP (November 4 2022) Red Cross Eyes Digital Emblem for Cyberspace Protection
When Red Cross staff work in conflict zones, their recognizable red-on-white emblems signal that they and those they are helping should not be targeted.
Now, as warfare and attacks increasingly move into cyberspace, the organisation wants to create a digital emblem that would alert would-be attackers that they have entered computer systems of the Red Cross or medical facilities.
The International Committee of the Red Cross (ICRC) called Thursday on countries to support the idea, arguing that such a digital emblem would help protect humanitarian infrastructure against erroneous targeting.
Security Week (November 03, 2022) Over 250 US News Websites Deliver Malware via Supply Chain Attack
Hundreds of regional and national news websites in the United States are delivering malware as a result of a supply chain attack involving one of their service providers.
Cybersecurity company Proofpoint reported on Wednesday that a threat actor it tracks as TA569 appears to be behind the attack. The hackers have targeted an unnamed media company that serves many news outlets in the US.
The service provider delivers content to its partners via a JavaScript file. The attacker modified the codebase of that script to push a piece of malware known as SocGholish to the affected news websites’ visitors. More than 250 news sites are impacted, including in Boston, New York, Chicago, Washington DC, Miami, Palm Beach and Cincinnati. The actual number of victims could be higher.
Cyberscoop (November 3, 2022) Four-year cybercrime campaign targeting African banks netted $30 million
A French-speaking cybercrime group pulled off a series of heists over the past four years, netting perhaps as much as $30 million from firms in Africa, Asia and Latin America.
Using a combination of high-quality spear phishing and off-the-shelf tools, the group has carried out more than 30 attacks targeting banks, financial services and telecommunications firms, according to research on the group’s activities published Thursday.
Dubbed “OPERA1ER,” the group works its way into various accounts, gains control of them and then moves money into accounts it controls, before cashing out primarily through ATM withdrawals, researchers with the cybersecurity firm Group-IB concluded in a report shared with CyberScoop.
SC Media (November 2, 2022) Snack giant settles with insurer over $100 million claim tied to 2017 NotPetya attacks
Mondelez International and Zurich American Insurance settled a multi-year legal battle over the snack giant’s $100 million claim regarding losses from the NotPetya cyberattack in 2017.
The closely watched lawsuit has fueled an ongoing discussion over who should pay when businesses are hit by state-sponsored cyberattacks. It could have broader implications for policymakers, highlighting the urgent need for them to devise practical, long-term solutions to address increasing cyber threats blamed on nation-state actors.
ZDNet (November 1, 2022) OpenSSL dodges a security bullet
At first, it looked like the OpenSSL 3.x security bug was going to be truly awful. While it was feared to be a critical error that could lead to remote code execution (RCE), upon a closer examination it turned out to be not so horrid after all.
That’s not to say it isn’t bad. Both CVE-2022-3786 (“X.509 Email Address Variable Length Buffer Overflow”) and CVE-2022-3602 (“X.509 Email Address 4-byte Buffer Overflow”) have a CVE rating of 8.8, which is considered “high.” That means they could still cause you real trouble.
If that is, you’re using OpenSSL 3.0.0 to 3.0.6. OpenSSL 1.1.1 and 1.0.2 users don’t have to worry. However, just because your main operating system uses OpenSSL 1.x, don’t think you can ignore these issues. Your applications or containers may use a vulnerable version. In short, before kicking your shoes off and taking a nap, check your code.
Gizmodo Australia (November 1, 2022) Australian Defence Confirms up to 40,000 Records at Risk From Ransomware Attack
The Australian Department of Defence yesterday emerged as the latest victim of a ransomware attack, and as has been the case with the other cyber incidents before it, it’s looking a lot more serious than first thought.
Brought to our attention by the ABC, the attack isn’t against the department itself, rather a communications platform used by military personnel and public servants from Defence.
At first, it was reported that Defence was told no data of current or former personnel appeared to have been compromised. Unfortunately, as was the case when Medibank first realised its systems had been breached, 40,000 records are at risk.
Other Top Security News
Ransomware Attack Disrupts Japanese Hospital for 2nd Day – Bank Info Security
Experian tool exposed partial Social Security numbers, putting customers at risk – Cyberscoop
Vodafone Italy discloses data breach after reseller hacked – Bleeping Computer
Europe’s Biggest Copper Producer Hit by Cyber-Attack – Infosecurity Magazine
Dropbox incident raises questions about how much security pros can depend on MFA – SC Media
U.S. electric cooperatives awarded $15 million to expand ICS security capabilities – Security Week
Gartner reveals top strategic tech trends for CIOs to watch in 2023 – Information Age
How to Prepare for New SEC Cybersecurity Disclosure Requirements – Security Week
US banks report more than $1 billion in potential ransomware payments in 2021 – CNN
How North Carolina Made Cyber a Whole-of-State Affair – GovTech
Gloss