SoftwareOne logo

4 min to readNews and UpdatesDigital WorkplaceCloud Services

Cyber security update, March

Ravi Bindra
Ravi BindraCISO
A woman's finger is pointing at a colorful screen.

Last update: April 5th, 2023
SoftwareOne believes there is a need for additional information when it comes to cyber security, as organizations have made it clear that investment in a proper security strategy is paramount. SoftwareOne’s monthly "Cyber security update" provides information on the most recent threats, the latest breaches and how to react to them in order to stay on top of malware and ransomware threats.

Latest Security Breaches

Members of Congress have sensitive information exposed in data breach

District of Columbia health insurance data has been stolen by cybercriminals, comprising the personally identifiable information (PII) of more than 56,000 people, including at least 17 current or former members of Congress and hundreds of Congressional staff.

District Court approves USD 1.75 million data breach settlement

Nearly 100,000 students and parents enrolled in a California school district system – used to manage student data – have been awarded USD 1.75 million by the U.S. District Court for the Central District of California. The class action settlement is related to a 2020 data breach and was approved as the victims’ credentials were not properly secured and they weren’t properly informed of the breach, violating the California Customer Records Act and the California Consumer Privacy Act.

Data Breach at Healthcare Provider ILS compromises millions of patients

Attacks on the healthcare sector seem to be increasing. Miami-based managed healthcare provider Independent Living Systems (ILS) has informed more than 4 million of its customers about a breach that exposed PII, as well as protected health information. 

AT&T informs 9 million customers about data breach

A breach at one of AT&T’s marketing vendors has exposed its Customer Proprietary Network Information (CPNI) of around 9 million customers, including names, email addresses and phone numbers.

Cybersecurity Awareness

OpenAI: ChatGPT payment data leak caused by open-source bug

ChatGPT, the artificial intelligence service from OpenAI, was taken offline for a short time after users reported seeing other people’s chat queries and email addresses. OpenAI explained that the issue was caused by a bug on the Redis client open-source library, which exposed the personal information of 1.2% of its premium subscribers.

FBI confirms access to breached cybercrime forum database

The FBI has confirmed it has gained full access to the underground hacking forum BreachForums – also known as Breached. Its alleged owner, Conor Brian Fitzpatrick, 20, was arrested for his involvement in stealing and selling information related to millions of US citizens, as well as hundreds of US and foreign companies. Fitzpatrick was caught after using his iPhone to access the forum and has admitted his involvement.

PayPal sued for negligence in data breach that affected 35,000 users

Alleged victims of a PayPal data breach have sued the company in a federal court for its failure to safeguard personal data. The victims are requesting class-action certification. Almost 35,000 people were affected by the cyberattack in late 2022.

Brazilian conglomerate Suffers 3TB data breach

Hackers have stolen 3TB of corporate data from Brazilian multinational Andrade Gutierrez, one of the largest engineering firms in Latin America. The exposed data includes PII of around 5% of its workforce, as well as blueprints to several major construction projects that were used in the 2014 World Cup and 2016 Olympic Games.

Cybersecurity Intelligence

Agencies warn about LockBit 3.0 Ransomware-as-a-Service upgrade

Law enforcement and cybersecurity agencies are warning about the launch of LockBit 3.0, which functions as a Ransomware-as-a-Service (RaaS) toolkit and is an update to LockBit 2.0 and LockBit. This latest version is also known as LockBit Black and is more modular and evasive than previous versions.

Threat actors exploit Progress Telerik Vulnerability in US Government IIS Server

The Cybersecurity and Infrastructure Security Agency (CISA) identified Indicators of Compromise (IoCs) at Progress Telerik – a federal civilian executive branch (FCEB) agency – spanning the period from November 2022 to early January 2023. Multiple threat actors, including an APT actor, managed to exploit a .NET vulnerability in Progress Telerik’s user interface.

CISA and FBI issue Royal Ransomware advice

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint cybersecurity advisory in an effort to disseminate known Royal ransomware IoCs and tactics, techniques and procedures (TTPs) to help organisations defend themselves from ransomware attacks of this variant.

Hot Topic of the Month: March 2023

2023 Cybersecurity Maturity Report reveals organisations aren’t prepared for attacks

A report by CYE has shed light on a problematic trend of organisations being unprepared to defend themselves from cyberattacks, with global incidents increasing by 38% in 2022. The report highlights the industries and countries that have the strongest cyber defence and response, as well as which are the most vulnerable.

The report breaks down data from hundreds of cyber assessments across 11 different market sectors and 15 countries, taking a look at how well industries and countries are performing in addressing seven core security domains. The seven domains were:

  • Application-level security
  • Cross-organisation policies, procedures and governance
  • Identity management and remote access
  • Network-level security
  • Security operations monitoring and incident response
  • Sensitive data and information management
  • Servers, network equipment and endpoint security

The report found that Norway scored the highest across all seven security domains out of the countries evaluated, and the energy sector was the best performing sector.

Mexico scored the lowest out of all the countries, and the lowest scoring industries were the retail sector and the public sector, both tied for last place.


 

Earlier March Updates

Latest security breaches 2022

Credit bureau TransUnion (South Africa) confirmed that at least three million consumers are affected by a data breach. Access was gained to a server through the misuse of an authorised client’s credentials.

A hotel and an online retailer in Hong Kong have recently suffered a data breach of their IT systems, which affected information they held on over 1.2 million customers.

Samsung confirmed a security breach after hackers leaked almost 200 gigabytes of confidential data, including source code for various technologies and algorithms for biometric unlock operations.

A data breach at US chipmaker giant Nvidia exposed credentials of over 71,000 employees.

Conti Group suffers massive data breach. The leaks cover over a year’s worth of internal communications from January 2021 until February 2022.

UK ferry operator Wightlink flags potential data breach after ‘highly sophisticated’ cyber-attack. The attack affected certain back-office IT systems, but not its ferry services, booking system, or website.

Hacker group Anonymous leaked data, emails and passwords of food giant Nestlé’s customers and warned other companies that continued doing business in Russia that they would be next.

Alacrity Solutions Group, LLC confirmed a data breach stemming from unauthorized activity on its computer network. Personal and sensitive information of certain consumers was compromised.

Cyber security awareness

IT Security Management: 7 Pressing Cyber security Questions Boards Need to Ask.

Closing the cyber security skills gap – Microsoft expands efforts to 23 countries. These countries have an elevated cyber threat risk, coupled with a significant gap in their cyber security workforces.

A data breach has rippled through the crypto industry: About 30 crypto companies were affected, including BlockFi, Swan Bitcoin and NYDIG.

Cyber security remains one of Malaysia’s top concerns following a drastic rise in online crimes reported in the country.

3 Information Security Policies to help create a strong Anti-phishing Foundation.

The Western Australian government allocates AU$25.5m to expand cybersecurity services.

Why companies are moving to a ‘zero trust’ model of cyber security.

Cyber security intelligence

Joint Cyber security Advisory: Tactics, techniques and procedures of indicted state-sponsored Russian cyber actors targeting the Energy sector.

Google issues emergency security update for 3.2 billion Chrome users as it confirms that attackers are already exploiting a high severity zero-day vulnerability.

FBI publishes RagnarLocker ransomware indicators of compromise. Actors work as part of a ransomware family, frequently changing obfuscation techniques to avoid detection and prevention.

Warning: Russian State-sponsored cyber actors gain network access by exploiting default Multifactor Authentication Protocols and “PrintNightmare” vulnerability.

TRITON malware remains threat to global critical infrastructure Industrial Control Systems (ICS). TRITON was malware designed to cause physical safety systems to cease operating or to operate in an unsafe manner.

Watch out: Indicators of compromise associated with AvosLocker Ransomware. AvosLocker is a Ransomware as a Service (RaaS) affiliate-based group targeting victims across multiple critical infrastructure sectors.

Hot topic of the month: 10 surprising security risks inside your office

While organizations are becoming increasingly aware of online security threats, physical security is an often-ignored challenge for many businesses – especially since employees have returned to work in the office. Since many businesses are constantly warned of threats caused by poor device and network security, protecting their actual office has fallen to the wayside.

Malicious actors, or people who want to steal valuable company assets, will exploit any method to gain access to valuable information – whether it’s taking advantage of social norms, office security, or IoT devices, they will always try to find a way. Here are ten security risks to be aware of to help you guard against the most common risks in your office:

  1. Tail Gaiting
  2. Document Theft
  3. Unattended Devices
  4. Old Devices
  5. Unaccounted Visitors
  6. Stolen IDs
  7. Mysterious USBs
  8. Known USB Devices
  9. Unauthorized Installations
  10. Keylogging

As you can see, your organization needs to be acutely aware of threats that commonly occur within the four walls of your office. Often, it requires extensive, regular employee training as well as a vigilant IT team. However, it all begins by taking inventory of both online and offline security measures. If your business takes both physical and virtual security seriously, they will be protected against a range of dangerous threats.

A blue ocean with sunlight shining through the water.

Useful tips to increase your office security

Security threats lurk in every organization – is yours prepared?

Useful tips to increase your office security

Security threats lurk in every organization – is yours prepared?

Author

Ravi Bindra

Ravi Bindra
CISO

Ravi holds over 20 years’ experience as a cyber security evangelist, holding multiple leadership roles in the Swiss pharmaceutical industry, such as Global Head of Risk Management, Global Head of Architecture and Global Head of Security Operations.