Cyber Security Update April 2022

SoftwareONE believes there is a need for additional education when it comes to cybersecurity, as organizations have made it clear that investment in a proper security strategy is paramount. SoftwareONE’s monthly Cyber Security Update provides information on the most recent threats, the latest breaches and how to react to them in order to stay on top of malware and ransomware threats.

Coca-Cola is investigating claims of a large-scale data breach by Russian-linked cybercrime gang Stormous. The ransomware group hacked the servers of the soft drinks giant and stolen 161GB of data.

Over 8 million users of the mobile payment app Cash App may be affected by a data breach from a former employee. The data downloaded included full names and brokerage account numbers.

Aeropost data breach: The leading e-commerce and logistics company serving Latin America and the Caribbean asked all customers to delete any credit card information they have saved to their Aeropost.com account.

Data breach at US healthcare provider ARcare impacts 345,000 individuals. Sensitive medical and other personal data was potentially exposed.

SuperCare Health data breach impacted more than 318,000 individuals. The incident was one of the year’s largest healthcare data breaches to date.

Lapsus$ hackers published 70GB of source code stolen in the Globant data breach. It seems that the leaked customer source code belonged to companies like Apple and Facebook, DHL, Fortune, CSpan, and Arcserve.

New global Cyber Risk Index (CRI) from Trend Micro: 76% of organizations expect data breaches in 2022. Over one-third of organizations faced seven or more successful network attacks in the past 12 months.

Pandemic burnout is a cybersecurity problem as burned-out employees care less about security measures.

Beware: Fake Windows 10 updates are being used to distribute the Magniber ransomware.

Microsoft Exchange servers hacked: A Hive ransomware affiliate has been targeting Microsoft Exchange servers vulnerable to ProxyShell security issues to deploy various backdoors, including Cobalt Strike beacon.

Numerous new ransomware operations discovered as well as a new ransomware gang called Black Basta.

New trend: ‘Yo-Yo’ DDoS cyber-attacks - What they are and how you can beat them.

Beware: North Korean state-sponsored advanced persistent threat (APT) group targets block chain companies. This group is commonly tracked by the cybersecurity industry as Lazarus Group, APT38, BlueNoroff, and Stardust Chollima.

FBI reveals BlackCat/ALPHV Ransomware indicators of compromise. BlackCat/ALPHV is the first ransomware group successfully uses RUST, considered to be a more secure programming language that offers improved performance and reliable concurrent processing.

FBI warning for Food and Agriculture (FA) sector partners: Ransomware actors may be more likely to attack agricultural cooperatives during critical planting and harvest seasons, disrupting operations, causing financial loss, and negatively impacting the food supply chain.

Ransomware Protection Payments – A New Future Trend?

The big idea of recent years has been ransomware-as-a-service (RaaS), in which cybercriminals act like legitimate vendors by renting out software and services. Security experts expect this to change in 2022. They anticipate the rise of a new model that would be described as ransomware-as-a-subscription, in which companies pay a form of protection money in return for a guarantee that they will not be targeted or ransomware variants will not launch in their environments. This would radically shift the nature of ransomware and give criminals a regular income stream. Unfortunately, it could also leave organizations at risk of breaking the law.

The advice around ransomware was always simple: Don’t pay the criminals. The same guidance applies to ransomware-as-a-subscription. If organizations start to pay protection money to criminals, they’ll become emboldened to target more victims. That is why swift, firm action is needed to neutralize the threat of ransomware before it mutates into an even more aggressive and lucrative variant:

• Check your privilege: Appreciate that every user is privileged. If an employee can read emails, open documents, browse the internet, click on links or plug in a USB device, they can cause a ransomware attack.
• Reduce the blast radius: Cut the risk of ransomware. Network segmentation, threat detection solutions and privileged access management (PAM) are three ways of preventing pivot building and lateral moves across the network.
• Increase ransomware resilience: Your security approach should be an ongoing, evolving program, with constant testing of security controls and incident response capabilities. Appoint a security ambassador in every team is also a good idea to help communicate security policies, detect threats and respond to incidents.
• Take account of cyber insurance: It can be a valuable additional tool in the fight against ransomware. Before an attack occurs, the insurance underwriting process raises awareness of cyber threats, identifies how companies should be responding, and educates insureds.

It comes all down to one conclusion: As experts see the rise of new business models for ransomware gangs, your organization must build resilience. If victims make themselves resistant to attack, criminals cannot profit.