Cyberattacks are on the rise and this week’s security headlines cover the major security updates from across the globe. Here are the top cybersecurity headlines this week:

 

Increase in DDoS Attacks

While the world experiences enough cyberattacks every day, the current geopolitical conflict between Russia and Ukraine has aggravated things. The latest DDoS report by Kaspersky notes that cyberattacks (particularly DDoS attacks) hit an all-time high in the first quarter (Q1) of 2022. It mentioned that over 91,000 DDoS attacks took place in Q1, marking a 46% increase in the number of attacks. Most of the attacks targeted the US (45.01%), followed by China (9.34%) and Germany (4.95%). Interestingly, 16.35% of the attacks were launched on Sundays when staff was on leave and systems were most vulnerable. On average, these attacks continued for at least 4 hours, but the longest ones went on for up to 23 days (549 hours).

The report mentioned that the Ukrainian crisis is a crucial factor leading to these attacks. Only last month, DDoS attacks were launched on Ukrainian WordPress websites. Russian websites too underwent DDoS attacks starting 24th February, which were launched mainly by the Anonymous collective. The report further stated that 69% of customers experienced a DDoS attack, of which 55% of customers underwent multi-vector attacks. Cybersecurity researchers recommend that organizations should remain vigilant. Since these attacks are not going to decrease, the need of the hour is to implement enough cybersecurity measures.

 

Beware Of Onyx – A Variant of the Chaos Ransomware

The Chaos ransomware has a new variant called Onyx, creating havoc in the cyberworld. Like most ransomware actors, Onyx, too, encrypts the files it steals. However, this malware operation goes a step further and destroys all files larger than 2MB. This means that any victim who complies with ransomware demands and hopes to get their data back might be in for disappointment because, in all likelihood, their data will already be deleted. This malware strain was discovered only last week, and its encryption routine resembles that of Chaos.

In a typical Onyx attack, the adversaries steal data from a network before encrypting it and then launch a double-extortion campaign wherein they threaten to release the data publicly if the ransom is not paid. Onyx has been successful in over six attacks so far. Yet another concerning aspect of this ransomware is that it overwrites files larger than 2MB with junk data instead of encrypting them – it only encrypts files smaller than 2MB. Cybersecurity experts advise victims not to pay the ransom as Onyx is driven by evil motives and has no intention of releasing decryptors even when the ransom is paid – for all we know, the files might be deleted already!

 

Costa Rica Refuses to Comply With Ransom Demands

We usually see city governments readily agreeing to pay massive amounts of ransom to adversaries to get back confidential city data immediately. However, this time around, Costa Rica (victim of the latest cyber-attack on a state) has put up a bold front and made its intentions of not complying with ransom demands very clear. It said that it shall not pay a ransom to malicious actors who have infected the government’s computer systems with ransomware. The attack was first discovered last week by Costa Rica’s Finance Ministry. Reportedly, multiple government processes, such as tax collection, the importation and exportation of goods via the customs agency, and the payment of public employees, were disrupted.

The cyberattacks also targeted Costa Rica’s Labor Ministry, the National Meteorological Institute (IMN), the Ministry of Science, Innovation, Technology and Telecommunications (MICITT), the Social Security agency’s HR portal, and the Radiográfica Costarricense (RACSA). MICITT head Paola Vega Castillo reported that although the ministry’s web page was modified, no data belonging to the ministry was compromised.

The Conti ransomware gang has claimed responsibility for this attack on the Costa Rican government. However, its geographical location and identity remain to be revealed. The ransomware gang claims to have access to over 800 Costa Rica government servers and 1 TB of data, including 100 GB of personal data from the Ministry of Finance and 900 GB of databases from the tax administration portal. Conti is demanding a ransom of $10 million, but Costa Rica’s President, Carlos Alvarado, has announced that the government will not pay a single penny to the adversaries. In these challenging times, Spain, Israel, the United States, GBM, and Microsoft have extended their help to Costa Rica to regain access to its computer systems.

 

Cyberattacks Target Iran’s Public And Private Sector Agencies

Iran’s authorities have recently tackled several massive cyberattacks targeting government and private sector enterprises. Last week, the country reported that it evaded a cyberattack that could have affected over 100 public sector agencies. While the details of this incident, such as the targeted agencies, services, or organizations, were not revealed, Iran mentioned that the attack was attempted in recent days.

The unidentified cyberattackers used Internet Protocol (IP) addresses based in the Netherlands, the United States, and Britain to stage the attacks. Cyberattacks have targeted Iran quite often in the past. In October 2021, an attack disrupted its national fuel distribution system. Another attack in July 2021 crippled its railway system and caused much chaos and train delays. Since the nation has endured plenty of attacks in the past and continues to do so, the best cybersecurity measure would be to update its cyber defense constantly.

 

Beware of New Phishing Campaigns Targeting Facebook Pages

A new phishing campaign is in circulation which impersonates ‘The Facebook Team’ and warns users of a fake emergency intending to steal their Facebook account or page passwords. The adversaries send phishing emails to individual users and administrators of company Facebook Pages and warn them that the page might soon be disabled and removed. Naturally, a user panics and follows instructions to rectify the so-called error. Users are asked to report a Facebook post by clicking on the given link. This link redirects them to a different website where they are to make their ‘appeal.’

On this second page, users must enter their sensitive information such as email addresses, names, and Facebook passwords. This information reaches the adversaries, who can log in to a victim’s page, collect data and even log them out. If a victim has the habit of reusing the same password and email address on other online accounts, adversaries can access those too.

Cybersecurity researchers revealed that this campaign is notable because it has two contact points, or links, that users need to go through before finally giving up their details. Though very legitimate-looking at first glance, such emails usually have loopholes that can be seen as red flags. In this case, the email claimed to be from Facebook, but the sender’s email was unrelated to the company. Further, user emails got redirected to a completely unrelated Gmail address. Facebook has posted a To-Do list for users on its Help Center, which can be followed to avoid such phishing campaigns. Some of the measures suggested include verifying an email’s authenticity by first checking the official website instead of following random links embedded in emails, reporting suspicious emails/notifications, enabling MFA, etc. Apart from Facebook’s initiative, Google, too, has removed the fake Gmail account used in this phishing campaign.

 

Ransomware Attacks Increasingly Target UK’s Education Sector

A recent cybersecurity report states that ransomware attacks increasingly target the UK’s education sector. These attacks can cost up to £2m per incident, and therefore the UK’s education sector must take cybersecurity measures. Ransomware and malware are the major cyber-attacks targeting the education sector, followed by phishing and social engineering attacks.

Over 15 further education (FE) and higher education (HE) organizations were targeted by ransomware in 2020. In addition, over 100 UK schools were also affected. Cybersecurity experts believe that a critical factor behind the increased attacks on educational institutions is the continuation of remote working even after campuses reopened following the pandemic.

Researchers claim that a lot of personal data continues to be stored on devices outside campuses, which has led to additional security challenges. This increasing risk from cyberthreats is not matched by equal security measures, and only some universities have deployed multi-factor authentication and other ransomware protection measures.
