Here are the top cybersecurity headlines this week to help you understand what’s going on in the cyber world and how you can plan to strengthen your organization’s security posture in 2022.


K-12 Cybersecurity Act Becomes Law

US President Joe Biden recently signed the K-12 Cybersecurity Act into law, adding to the efforts to strengthen the cybersecurity of K-12 educational institutions. The newly passed law requires the CISA director to analyze the cybersecurity risks facing K-12 schools within 120 days of the act being passed. The CISA director will also have to explore the cybersecurity challenges these schools face, including securing information systems, implementing cybersecurity protocols, and protecting sensitive student and employee data.

After this initial study, the CISA director will have to pursue the second objective of the act, which is to publish guidelines for the schools to follow to reduce the risks from cyberattacks. The third objective states that CISA will then use the survey findings to develop an online training toolkit to educate officials on the best cybersecurity tools and practices. Finally, the fourth objective would be to make this entire study process, the guidelines, and the resultant toolkit available to the public on the Department of Homeland Security’s website.

The K-12 Cybersecurity Act became law at a crucial time when cyberattacks on these school systems were at their peak. This new law will now help better secure the information and future of kids.


Ukraine Adopts NSDC’s Information Security Strategy

Ukrainian President Volodymyr Zelensky recently put into effect the National Security and Defense Council’s decision on the Information Security Strategy. The Ukrainian National News Agency, Ukrinform, reports that the relevant decree (No. 685/2021) is already available on the President’s website. The President states in the decree that the Information Security Strategy was approved in accordance with Article 13 of Ukraine’s Law ‘On National Security of Ukraine’ and Article 107 of the Constitution of Ukraine.

Furthermore, the decision of the National Security and Defense Council of Ukraine on the Doctrine of Information Security of Ukraine, dated 29th December 2016, has been nullified. The President’s document further states that Ukraine is not alone in facing cybersecurity threats from Russia, and therefore adopting the Information Security Strategy was essential.


AvosLocker Targets US Police Dept & Comes Back with Free Decryptor

The AvosLocker ransomware group recently attacked a US police department and provided a free decryptor soon after finding out that it had targeted a government agency. When asked whether it intentionally avoids targeting government agencies, the threat actor confirmed this and said that it’s always hard to get taxpayers’ money and that it therefore tries to avoid attacking government agencies. However, the threat actor also mentioned that affiliates sometimes attack government agencies without consulting it first. While sharing the free decryptor, AvosLocker refused to say which files were stolen or how the police department’s network was accessed.

Interestingly, the number of ransomware actors has decreased ever since international law enforcement bodies began arresting and punishing them. The recent arrests of members of the Netwalker, REvil, Clop, and Egregor ransomware gangs undoubtedly served as a lesson to the rest, who have shut down their operations. These include BlackMatter, DarkSide, REvil, and Avaddon, but we cannot say for sure that they are gone, as most of these threat actors continue to operate under different names. Therefore, it is best to continue the ransomware protection measures and be safe rather than sorry.


India to Introduce Stricter Cyber Laws

The Indian government is considering introducing a new bill called the Personal Data Protection (PDP) Bill, which will mandate that organizations report cyber attacks within 72 hours (like other territories such as the EU, which follow GDPR guidelines). In addition, the RBI has specified that Indian enterprises will not be allowed to store payment card details from 1st January 2022. Any person or organization other than the card issuer and card network cannot hold more than some basic details for identification (for instance, the card issuer’s name or the last four digits of the card).

The new regulations also state that those who fail to report a cybersecurity breach within 72 hours or intentionally leak users’ personal data without the data processor’s consent can be subject to fines and jail terms. The Personal Data Protection (PDP) Bill lists all these regulations, which were first proposed in December 2019. It will likely be implemented within the next six months, with another two years for full implementation.

The regulations also mention the penalties for various non-conformities – an intentional disclosure of personal data invites a fine of up to INR 200,000 ($2,678) or up to three years in prison, and a failure to report a data breach on time attracts a fine of up to INR 50 million ($669,308).


New Phishing Campaign Bypasses Patched RCE Flaw

SophosLabs’ cybersecurity experts have uncovered a new phishing campaign that bypasses the patch for a recently fixed RCE flaw (CVE-2021-40444) affecting MSHTML components. This new Office exploit enables attackers to deliver Formbook malware. The suspected reason is the narrow focus of the patch, which failed to address the initial issue adequately.

The adversaries send spam emails to victims with the maldoc delivered as a specially crafted RAR archive. This RAR file is written in Windows Script Host and communicates with malicious JavaScript code once opened. The JavaScript code then uses the Word document to run the PowerShell command in the RAR file after launching the WSH script, which gets the Formbook malware payload from the attacker’s website.

On very rare occasions, security patches fail to fix security loopholes, and this is one such instance. This is the reason why it is recommended that organizations train their employees to identify phishing emails and have some email security measures in place.
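One email-gateway check for the crafted-archive trick described above, as an added example that is not from the original article or from SophosLabs. It assumes the script content sits in front of the RAR signature inside the attachment; the function names, marker list and sample bytes are constructed for illustration.

```python
"""Flag RAR attachments that carry extra data in front of the archive signature."""

# RAR 4.x and RAR 5.x magic bytes (public file-format constants).
RAR_SIGNATURES = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")

# Strings suggesting the prefix is a script-host file (assumed marker list).
SCRIPT_MARKERS = (b"<job", b"<script", b"wscript", b"powershell", b"activexobject")


def rar_offset(data: bytes) -> int:
    """Return the offset of the first RAR signature, or -1 if none is present."""
    hits = [i for i in (data.find(sig) for sig in RAR_SIGNATURES) if i >= 0]
    return min(hits) if hits else -1


def inspect_attachment(name: str, data: bytes) -> dict:
    """Classify an attachment as clean, not_rar, prefixed or prefixed_script."""
    offset = rar_offset(data)
    result = {"name": name, "rar_offset": offset, "markers": [], "verdict": "clean"}
    if offset < 0:
        # Named like a RAR archive but carries no RAR signature at all.
        if name.lower().endswith(".rar"):
            result["verdict"] = "not_rar"
        return result
    if offset == 0:
        return result  # well-formed: the archive starts at byte 0
    prefix = data[:offset].lower()
    result["markers"] = [m.decode() for m in SCRIPT_MARKERS if m in prefix]
    result["verdict"] = "prefixed_script" if result["markers"] else "prefixed"
    return result


if __name__ == "__main__":
    # Constructed, inert samples; not taken from any real campaign file.
    body = b"Rar!\x1a\x07\x00" + b"\x00" * 16
    samples = {
        "normal.rar": body,
        "padded.rar": b"\x00" * 8 + body,
        "script-prefix.rar": b'<job><script language="JScript"></script></job>' + body,
        "renamed.rar": b"plain text, no archive here",
    }
    for fname, blob in samples.items():
        print(inspect_attachment(fname, blob))
```

Self-extracting RAR archives also have data before the signature (an executable stub), so a `prefixed` verdict is a reason to quarantine and review rather than proof of malice.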


Dridex Targets Employees and Researchers in the Name of Omicron

The notorious banking malware Dridex is targeting cybersecurity researchers and organization employees with phishing emails. These phishing emails come with infected Word or Excel attachments, which, once opened, download malware into the victim’s device. Once installed, Dridex tries to steal victims’ banking credentials and spread itself to other connected devices on the network.

In the latest Dridex attacks, threat actors are trolling security researchers using racist comments and spamming employees with fake termination letters. In some cases, the adversaries are using the fear of Omicron and sending emails to victims stating that they were exposed to a coworker who tested positive for the Omicron variant. The victims are asked to open the attached document for further details, which leads to malware installation. Such malicious phishing schemes continue to evolve, and therefore it is advised to never open attachments in suspicious emails or those from unfamiliar sources.
