Australia’s deepening cybercrime crisis, an alarming surge in ransomware attacks and a multi-agency warning to organizations about their network infrastructure. Here are the stories that rocked the cybersecurity world the week of April 21, 2023.
Threat Advisories and Alerts
Russian State-Sponsored Actors Exploit Cisco Routers
The U.K. National Cyber Security Centre (NCSC), the U.S. National Security Agency (NSA), U.S. Federal Bureau of Investigation (FBI) and U.S. Cybersecurity and Infrastructure Security Agency (CISA) have released a joint advisory warning about the malware "Jaguar Tooth." The custom malware is reportedly being used by Russian state-sponsored APT28 actors to compromise Cisco IOS routers. The APT28 criminal organization is notorious for using zero-day exploits to carry out cyber espionage and has been linked to a variety of attacks on U.S. and European targets. To counteract these assaults, all Cisco administrators should update their routers to the newest firmware.
Payment Giant NCR Suffers Ransomware Attack
U.S. payments giant NCR has revealed it suffered a ransomware attack that struck its Aloha, Hawaii data center. While the company has downplayed the event, saying that restaurants affected by the incident can still serve customers, Simon Chassar, the CRO of security company Claroty, believes otherwise. He commented, “Our research shows that 51% of the food and beverage sector reported substantial disruption when hit by a ransomware attack in 2021…. Moreover, these attacks can cause significant financial losses for organizations.” NCR has launched an investigation into the attack.
Emerging Threats and Research
March 2023 Sees Record Number of Ransomware Attacks
A report by IT security company NCC Group has revealed that a record 459 ransomware attacks occurred in March 2023, which marks a 62% increase compared to the same month last year. The ransomware gang Clop was responsible for the majority of attacks, recording 129 in total, while other prominent groups such as BlackCat, LockBit, Royal ransomware and Play also committed a significant number of attacks. The two industries that experienced the most incidents were Industrials (construction, engineering, logistics, etc.) and Consumer Cyclicals (hotels, automotive, publishing, etc.). North America bore the brunt of attacks at 48%, followed by Europe at 28%.
Zero-Click Spyware Firm QuaDream Shuts Down a Week after Making Headlines
A mere week after Israeli firm QuaDream was in the news for zero-click spyware that targeted civil servants and key workers, the company is now reportedly shutting down. According to Israeli newspaper Calcalist, the company “hasn't been fully active for a while” and has been undergoing a “difficult situation” for months. QuaDream is one of several Israeli firms that are labeled private-sector offensive actors (PSOAs). These companies create end-to-end hacking tools for customers looking to run targeted cyber operations.
Australians Scammed Out of $3.1 Billion in 2022
New data collected by the Australian Competition & Consumer Commission (ACCC), the Australian Financial Crimes Exchange (AFCX) and other government agencies reveal that Australians lost $3.1 billion to scams last year. The total losses are a record high and represent an 80% increase from those of 2021. While investment scams, remote access scams and payment redirection scams made up more than half of the losses, totaling nearly $2 billion, Australia’s record number of data breaches last year also played a significant role. Australia has been an increasingly popular target for cyberattacks, and major companies were breached last year, including Optus, Telstra, Medibank and MyDeal.
To stay updated on the latest cybersecurity threats and advisories, look for weekly updates on the (ISC)² blog. Please share other alerts and threat discoveries you’ve encountered and join the conversation on the (ISC)² Community Industry News board.