The cyber-world never sleeps or remains dormant. By the time you finish reading this post, an attack will have compromised some system somewhere, and that is precisely why it is so important for us to stay abreast of the weekly cybersecurity headlines. The following are the cyber incidents that made headlines this week.

HelpSystems All Set to Acquire Alert Logic

Since last year, the Minnesota-based software firm HelpSystems has been on a cybersecurity buying spree. Its previous purchases include Tripwire (acquired for $350 million), data protection firm Vera, data loss prevention specialists Digital Guardian, threat intelligence company PhishLabs, content protection firm Clearswift, vulnerability assessment and compliance solutions firm Beyond Security, email security company Agari, and vulnerability management company Digital Defense. HelpSystems has recently expressed interest in acquiring the Texas-based managed detection and response (MDR) services provider Alert Logic.

While the terms of the agreement have not been disclosed, HelpSystems takes pride in welcoming the cybersecurity experts at Alert Logic into its own team. The latter has over 4,000 customers globally and specializes in augmenting customers’ existing cybersecurity resources by protecting SaaS, cloud, on-premise and hybrid environments. It further ensures that regulatory requirements are always met, including HIPAA HITECH, PCI DSS, GDPR, SOC 2, Sarbanes-Oxley (SOX), NIST 800-171 and 800-53, COBIT, ISO 27001, etc. Alert Logic was started in 2002 and was last owned by the private equity firm Welsh, Carson, Anderson & Stowe in 2013.

HelpSystems foresees rapid change in the cybersecurity world and therefore believes in staying ahead of the rest in the race to provide better cybersecurity tools for customers. The Alert Logic acquisition is an attempt to strengthen its position to that end. HelpSystems is hopeful the merger will help both companies serve their customers better.

 

Ukraine To Be An Accepted NATO CCDCOE Member

With the ongoing war and cyberattacks targeted at Ukraine, the nation has been accepted as a member of the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE). This CCDCOE membership comes before Ukraine’s formal North Atlantic Treaty Organization (NATO) membership. CCDCOE is a cyberdefense hub that is used by member nations for cybersecurity-related training or research purposes. The CCDCOE membership shall enable Ukraine to access and share the cyber-expertise of other NATO member nations, thereby strengthening its own national cybersecurity foothold.

This move benefits both Ukraine and NATO CCDCOE, as the former’s first-hand experience in dealing with major threat actor groups can be used for research, training, and exercises. Ukraine was to join the NATO Alliance back in 2008, but the matter took a backseat owing to Russian objections. However, at a June 2021 summit, NATO re-announced that Ukraine is being considered for NATO membership, which is likely to happen after it goes through the Membership Action Plan.

 

BBC Constantly Targeted by Phishing And Malware Attacks

Official statistics obtained through a Freedom of Information Act (FOI) request revealed that between 1st October 2021 and January 2022, the British Broadcasting Corporation (BBC) underwent 383,278 phishing, spam, and malware attacks daily. A Parliament Street think tank analyzed these figures and found that around 50 million malicious emails were sent to the BBC during this period. The daily attack average on BBC has increased from 283,597 phishing emails in 2020 to 383,278 phishing emails in 2022.

Of the 47,143,313 malicious emails sent to BBC in the four months between October 2021 and January 2022, 291,042 were categorized as phishing emails and 70,589 as malware attacks. This comes down to 574 malware attacks and 2,366 phishing emails on BBC employees every day. Cybersecurity experts opine that this increase in the number of attacks is caused by the rising threat of Omicron and the ongoing busy shopping periods.

A common reason for launching phishing campaigns is to steal the login credentials of renowned journalists. The BBC is an attractive target for cybercriminals because of the possibility of stealing nationally, politically, socially, or economically relevant data and credentials. Thus, there is a need for organizations to alert and train their employees against potential phishing attacks.

 

Mozilla Patches Two Vulnerabilities in Firefox Web Browser

Mozilla has launched out-of-band software updates for its Firefox web browser to patch two high-impact security vulnerabilities (CVE-2022-26485 and CVE-2022-26486). Reportedly, both these zero-day vulnerabilities are being actively exploited. CVE-2022-26485 and CVE-2022-26486 affect the Extensible Stylesheet Language Transformations (XSLT) parameter processing and the WebGPU inter-process communication (IPC) framework, respectively.

While CVE-2022-26485 could lead to an exploitable use-after-free by removing an XSLT parameter during processing, CVE-2022-26486 could lead to an exploitable sandbox escape and a use-after-free by sending an unexpected message in the WebGPU IPC framework. Mozilla was notified of the active exploitation of these two bugs, but it has refrained from sharing the technical details of the intrusions. Cybersecurity experts at Qihoo 360 ATA (Liu Jialei, Wang Gang, Du Sihang, Yang Kang, and Huang Yi) were the first to discover and report the flaws.

Mozilla users are advised to upgrade to Firefox 97.0.2, Focus 97.3.0, Firefox ESR 91.6.1, Thunderbird 91.6.2, and Firefox for Android 97.3.0. CISA also released an update asking federal agencies to get patches for these vulnerabilities by 21st March 2022.

 

Google Workspace Comment Notifications to Now Include Sender’s Email

Following recent headlines reporting that adversaries have been exploiting a flaw in the comment feature of Google Workspace for over a year now, Google has made some changes to its Google Workspace comment notifications. This step is to ensure ransomware protection for G Suite users.

Earlier, when someone added a comment in a Google Workspace document and mentioned someone, the automatic email notification would only include the commenter’s name and the comment. Using this blind spot, hackers would create fake email addresses and send malware to users; the only action needed from the user was opening the link in the email. Hence, Google has introduced a new feature wherein the email notification includes the commenter’s email address. This move shall help users evaluate whether an email comes from a legitimate source. Google announced that this feature would be automatically added for all legacy G Suite Basic, Google Workspace, and Business customers in a couple of weeks. The update will also be released for personal Google account users.

 

FBI Warns of Growing Ragnar Locker Attacks

The FBI recently warned that the Ragnar Locker ransomware group had attacked more than 50 US-based organizations in the recent past. Most of these victims come from critical infrastructure sectors. Therefore, the CISA and the FBI had jointly released an alert recently to provide a background on how Ragnar Locker operates. The alert also mentioned the ransomware protection strategies organizations could use against Ragnar.

Reportedly, 52 organizations across ten critical infrastructure sectors (including manufacturing, energy, financial services, IT, government, etc.) were targeted by Ragnar Locker. The alert also mentioned the Bitcoin and email addresses used to collect ransom and contact victims. In a typical attack, Ragnar operators stop remote management software such as Kaseya and ConnectWise to evade detection and make sure that logged-in admins cannot interfere with the deployment process. In this notification, the FBI encourages security professionals to share any information they may have on the attack patterns. Such reports often accelerate the investigation process and help in identifying the attackers.
