Cybersecurity Update March 14th 2023: The Importance of Proactive Cybersecurity Measures

In today’s digital age, businesses are increasingly reliant on technology to operate, and with this reliance comes the increased threat of cyberattacks. As cyber threats continue to evolve and become more sophisticated, it is essential for businesses to prioritize cybersecurity as an ongoing process and not just a one-time event. Today we will discuss several recent news stories that highlight the importance of proactive cybersecurity measures for businesses.

New Vulnerability in Fortinet’s 40 OS Operating System

According to Bleeping Computer, a new vulnerability has been discovered in Fortinet’s 40 OS operating system. Hackers have already exploited this vulnerability as a zero-day attack to target government networks. The bug, tracked as CVE 2023-34567, allows attackers to execute arbitrary code with administrative privileges. Fortinet has released a patch for this vulnerability, and all Fortinet users are strongly recommended to update their systems as soon as possible. This incident serves as a reminder of the importance of promptly updating systems and software to prevent such vulnerabilities from being exploited by hackers.

Microsoft Issues Warning Regarding Large-Scale Phishing Emails

Microsoft has issued a warning regarding a large-scale use of phishing emails that leverage fake Office 365 login pages to steal user credentials. These emails appear to be coming from legitimate organizations and contain a link to a fake login page that looks almost identical to the real Microsoft Office 365 login page. Once a victim enters their credentials, the attackers can steal them and use them for further attacks. To protect against such attacks, businesses must educate their employees about phishing attacks and how to spot them. Implementing multi-factor authentication (MFA) is also crucial, as it provides an additional layer of security that makes it more difficult for attackers to gain access to accounts even if they have stolen the user’s credentials.

Lockbit Ransomware: A Growing Threat

The Lockbit ransomware has become increasingly prolific in recent months. According to The Hacker News, this ransomware is being distributed through phishing emails and exploit kits and has been used to attack businesses in various industries. Once Lockbit infects a system, it encrypts all the files and demands a ransom payment in exchange for the decryption key. The best way to protect against ransomware attacks is to implement a comprehensive backup strategy that includes off-site backups. In the event of a ransomware attack, having recent backups will allow businesses to recover their data without having to pay the ransom. Additionally, educating employees about phishing attacks and how to spot them is crucial in preventing ransomware infections from occurring in the first place.

North Korea Targets Security Researchers

In June 2022, Mandiant reported that it spotted the North Korea-linked threat actors UNC2970 operating a phishing campaign that specifically targeted security researchers. The campaign used job recruitment-based lures in a spear-phishing approach, impersonating legitimate recruiters and eventually shifting conversations to WhatsApp, where it delivered malicious Word docs to install a backdoor. Businesses must ensure that their employees are trained to recognize and report suspicious emails, especially those that are seemingly from legitimate sources.

UK Launches National Protective Security Authority

The UK has launched a new body, the National Protective Security Authority (NPSA), as part of its MI5 domestic intelligence service. The NPSA will work with UK organizations, informing them of “state-sponsored attempts at stealing sensitive research and information.” With the emerging geopolitical threats from Russia’s Ukraine invasion and “China’s economic coercion,” the NPSA will work with the National Cyber Security Centre to provide training, tooling, and guidance. Businesses must ensure that they are aware of the risks of state-sponsored cyberattacks and take the necessary measures to protect their systems and data.

Banking failures impact cryptocurrency industry

The collapse of banks like Silvergate Capital, Silicon Valley Bank, and Signature Bank have already had significant impacts on the cryptocurrency industry. These banking failures have made it harder for commercial clients to continue making payments in cryptocurrency. Signature Bank’s Signet and the Silvergate Exchange Network were core real-time payment platforms with instant settlement services, which made them an essential component of the cryptocurrency ecosystem. However, with these banks now gone, the industry is experiencing some instability. In particular, stablecoins seem to have been hit the hardest by this banking crisis. The USDC stablecoin, for example, lost its peg to the US dollar, dropping down to $0.87 at one point over the weekend. While federal guarantees of deposits did help rally bitcoin and other cryptocurrency prices, the impact on the wider cryptocurrency market remains to be seen.

The risks of fake ChatGPT extensions

A technical report from Guardio Labs researcher Nati Tal highlighted a fake ChatGPT Chrome extension that is spreading malware. This extension is designed to hijack Facebook business accounts by harvesting cookies, and then it creates rogue admin accounts to retain access. The operators use this to push Facebook paid ads that attempt to further hijack other accounts. The extension saw 2,000 installs a day from March 3 before Google pulled it on March 9th. Threat actors see the potential for using the promise of early and exclusive access to ChatGPT as a lure for malicious purposes. Last month, Cyble reported a social engineering campaign using ChatGPT access as a way to download infostealers, and researchers have reported numerous malicious ChatGPT apps on the Google Play Store. As always, users are advised to exercise caution when downloading browser extensions or apps and to be wary of any offers that seem too good to be true.

Emotet returns from hiatus with new targets

After a three-month hiatus, the pernicious threat group Emotet has resumed activity. However, it appears that Emotet operators are now targeting high-value corporate networks with malicious emails. The end result seems to be obtaining access that they can sell to ransomware groups. This marks a significant shift for the group, which started as a banking trojan and operated more recently as a massive botnet. Deep Instinct’s Threat Research team reports that they saw the group attaching malicious Word files in its emails with macros that could eventually execute its DLL. Emotet appears to get around traditional security scanning by making the initial attack file and payloads inflated to 500 megabytes.

Estonia’s elections targeted by cyberattack

The head of the National Cyber Security Centre-Estonia recently informed The Record that threat actors unsuccessfully targeted the country’s parliamentary election earlier this month. This came as Estonia used its internet voting system for the first time in an election. Officials said that attackers did not successfully enter its electoral system, specifying that “nothing out of the ordinary happened.” Estonia said that cyberthreat activities were consistent with what it has seen over the last year since Russia invaded Ukraine. Officials declined to give specifics on the attack. This incident serves as a reminder of the importance of securing electoral systems and ensuring that they are resilient to cyberattacks.

Outlook App for Android and iOS to Receive Built-In Microsoft 365 MFA

In a more positive story, Microsoft has announced that its Outlook app for Android and iOS will soon receive built-in Microsoft 365 MFA. This will provide an additional layer of security for users and protect against account hijacking and unauthorized access. This is great news for businesses that use Microsoft 365 as it will help them to better protect their data and systems. However, businesses must ensure that their employees are using the latest version of the Outlook app and are aware of the importance of enabling MFA to fully benefit from this new feature. Based on these stories it is clear that it is essential for businesses to take proactive steps to protect themselves against cyber threats by regularly updating systems and software, educating employees about phishing attacks, implementing multi-factor authentication, and having a comprehensive backup strategy. By taking these steps, businesses can significantly reduce their risk of falling victim to cyber attacks. Remember, cybersecurity is an ongoing process, and businesses must continuously monitor and update their security measures to stay ahead of potential threats. That wraps up todays Cybersecurity update. As always stay safe, stay vigilant, and we will be back tomorrow with another update!