This week's cybersecurity headlines cover several major global security updates. They are worth catching up on, as one of them may inform your next security move. Here are this week’s major cybersecurity updates:

 

BlackCat Ransomware Claims Attack on Creos Luxembourg SA

The BlackCat ransomware group (also known as ALPHV) has claimed responsibility for the recent cyberattack on Creos Luxembourg SA (Creos), an electricity network and natural gas pipeline operator that supplies energy to five EU countries. The company underwent a cyberattack between 22-33 July and made it known two days later.

The attack brought down the Creos customer portal, but there were no interruptions in providing services. Reportedly, the adversaries had stolen some data from the compromised systems. The company took immediate ransomware protection measures and has asked customers to wait to receive their personalized breach notifications till the investigations are over.

Creos has urged all customers to reset their account passwords. Customers who used the same password for other online accounts were advised to change those passwords as well. Creos has declined to comment further on the incident, but BlackCat has added Creos to its extortion site and is now threatening to publish 150 GB of stolen files, including bills, agreements, passports, contracts, and emails.

 

Google Patches 37 Vulnerabilities in August Security Bulletin

In its monthly security bulletin for August, Google has patched 37 vulnerabilities affecting Android devices. These patches include one for a critical security flaw in the system component that could culminate in remote code execution. This flaw uses Bluetooth to spread and requires no other execution privileges. Tracked as CVE-2022-20345, the Bluetooth vulnerability gets patched this month for Android 10, 11, 12, and 12L devices.

Several of the remaining flaws were tagged high severity because they could lead to information disclosure or privilege escalation. They affected components such as Kernel, Media Framework, System, MediaTek, Imagination Technologies, Qualcomm, and Unisoc.

Google advises Android partners to fix all the cybersecurity issues covered in the bulletin and get the security patches soon. The bulletin divides the vulnerabilities into two security patch levels and urges Android partners to bundle the fixes they plan to address in a single update.

 

FCC Warns Americans of Growing Smishing Attacks

The Federal Communications Commission (FCC) has recently released a notice warning Americans of the growing number of SMS phishing attacks. SMS phishing, or smishing, is a type of phishing in which adversaries use SMS texts to reach victims. These messages usually contain links to fraudulent sites and pages spoofed by attackers to steal user credentials and financial data.

The FCC has been tracking consumer complaints reporting malicious text messages and calls. It is said that the number of malicious texts has increased from 15,300 in 2021 to 8,500 in 2022 (so far). Further, billions of robotexts are reported monthly, another threat vector.

Adversaries use different lures to trick users and steal their personal information. These texts usually impersonate reliable sources such as familiar businesses, government agencies, etc., and make claims of unpaid bills, law enforcement actions, issues with package delivery, or bank account-related problems.

When such texts reach you, the FCC advises you not to respond and refrain from sharing personal information. No matter how insignificant the piece of information shared might seem to you, if it’s asked for in a suspicious text, then it can be used against you. Additionally, if you think you have received any suspicious text, then the FCC urges you to report the text at the earliest to ensure cybersecurity for yourself and all others.

 

Singapore to Set Up Cyber Defense Unit

In response to the increase in cybersecurity issues, Singapore has begun work on establishing a dedicated cyber defense unit. The country has passed amendments that allow the creation of a new digital intelligence unit as part of the armed forces. They also provide for the appointment of a digital chief to ensure that cyber intrusions are handled efficiently and national cybersecurity is maintained.

 

The Singaporean government has passed two bills to establish this digital intelligence unit, the Digital and Intelligence Service (DIS). It would be the fourth service under the Singapore Armed Forces (SAF) and deal with battling online attacks. The DIS shall function parallel to the Navy, the Army, and the Air Force. It is set to operate by year-end and shall be headed by a Chief of Digital and Intelligence Service (CDI).

The objective of the DIS is to ensure that Singapore is well-protected against the entire spectrum of cyber threats. It shall operate as a full-fledged military service arm and protect Singapore’s critical cyber infrastructure. This revolutionary measure to ensure cybersecurity for the nation also saw the Constitution amended to grant discretionary power to the president in appointing the CDI.

 

BEC and Ransomware Attacks Increase

A recent cybersecurity report states that there has been a 70% increase in the number of business email compromise (BEC) and ransomware attacks reported in the past year. Further, software vulnerabilities were responsible for 50% of these reported attacks, indicating the need for better cybersecurity training, password management, and patch management measures.

Cybersecurity is a major concern for US businesses, and with increasing phishing attacks, keeping businesses safe is becoming increasingly difficult. A study conducted by a renowned cybersecurity firm analyzed over 600 incident response cases from the past year to understand if there was any cybersecurity trend, pattern, or significant vulnerabilities.

They found that 70% of all reported incidents were BEC and ransomware attacks. In addition, 77% of all attacks had software vulnerabilities, phishing, and poor passwords as the initial attack vectors. While known software vulnerabilities led to 50% of the reported incidents, another 50% had not enabled security measures such as MFA. Poor patch management was another important factor, leading to attacks in 28% of the cases.

Healthcare, finance, legal and professional services, tech, manufacturing, wholesale and retail were the top sectors targeted by these attacks and accounted for over 60% of the reported incidents.

 

FEMA Warns of Vulnerabilities in TV and Radio Networks

The Federal Emergency Management Agency (FEMA) recently released an alert stating that software vulnerabilities in TV and radio networks enable adversaries to broadcast fake messages using the alert system. It noted that some unpatched Emergency Alert System (EAS) devices are operating unsecured. Local and state officials use these national EAS devices to send emergency alerts about child abductions or natural disasters.

 

Hence, FEMA has urged operators to update their devices and address the software issues at the earliest. The advisory didn’t specify if fake alerts could be transmitted over text messages, but adversaries can very well release fake alerts over radio, TV, and cable networks. So far, there is no evidence of these vulnerabilities being exploited by threat actors.
