Cybersecurity Saturday

From the cyberpolicy front, let’s remember, “Cybersecurity Awareness Month, every October, is a collaboration between government and private industry to raise awareness about digital security and empower everyone to protect their data from digital forms of crime.”

CISA adds that the agency “postpone[d] the 5th Annual National Cybersecurity Summit due to the mission-critical work of preparing for the potential impact of Hurricane Ian in the region. The summit was originally scheduled to occur on October 4. Visit CISA’s National Cybersecurity Summit webpage and follow CISA on social media for the latest news and updated registration information when it’s available.”

From the cyber vulnerabilities front —

Cybersecurity Dive informs us in an article posted on September 30:

Microsoft is investigating reports of two zero-day vulnerabilities affecting Microsoft Exchange Server 2013, 2016 and 2019, according to a blog post issued Friday. The vulnerabilities do not affect Microsoft Exchange Online Customers.

The first vulnerability, CVE-2022-41040, is a server-side request forgery vulnerability, Microsoft said. The second, CVE-2022-41082, allows remote-code execution when a threat actor has access to PowerShell. 

Microsoft confirmed it was aware of limited targeted incidents with attackers using the two vulnerabilities to compromise systems. During the incidents, an attacker can use CVE-2022-41040 to allow an authenticated attacker to remotely trigger CVE-2022-41082.

The Health Sector Cybersecurity Coordination Center issued an alert on the Microsoft zero-day vulnerabilities.

Currently, the full impact to the Healthcare and public health (HPH) sector is unknown; however, the threat actors actively exploiting these vulnerabilities make the HPH sector a potential target.

CISA issued an alert titled “Microsoft Releases Guidance on Zero-Day Vulnerabilities in Microsoft Exchange Server.”

CISA’s other vulnerability advisories issued last week include the following

What’s more, CISA added three vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. 

From the ransomware front, Cybersecurity Dive reports:

U.S. businesses were targeted by nearly half of all publicly acknowledged ransomware attacks globally between January 2020 and July 2022, according to data collected by NordLocker and published Tuesday in a report. 

Of the 5,200 cases recorded on ransomware groups’ sites, U.S. organizations accounted for almost 2,400 incidents. Businesses in California, Texas, Florida and New York suffered the greatest number of ransomware attacks, but Michigan businesses were hit hardest when the rate is adjusted by the number of active businesses in each state.

Small- and medium-sized businesses with two to 200 employees suffered the most attacks during the period, accounting for 46%, or 2,300 ransomware attacks total, according to the report.

And here’s the September 30 “The Week in Ransomware”, from the Bleeping Computer.

This week’s news primarily revolves around LockBit, BlackMatter, and the rising enterprise-targeting Royal ransomware operation.

As expected, threat actors now use the leaked LockBit 3.0 ransomware builder for their ransomware operations. For example, the Bl00Dy Ransomware Gang, who previously used Babuk and Conti encryptors, has now switched to a LockBit 3.0 encryptor in an attack on a Ukrainian business.

Researchers also reported that TargetCompany ransomware affiliates are now targeting publicly exposed Microsoft SQL servers.

Another interesting research is the prediction that ransomware gangs may move away from encrypting altogether and switch to pure data exfiltration and file deletion to cut out the ransomware developer. This idea stems from a new file deletion/corruption feature in a data theft tool used by a BlackMatter affiliate.

From the cyberdefenses front —

  • Health IT Security offers “six healthcare cybersecurity strategies for successful CISOs; Mastering effective communication, implementing a risk-based healthcare cybersecurity approach, and attracting top cyber talent are all parts of a CISO’s job description.”
  • The Wall Street Journal reports “Heightened Cyber Threat Brings CIOs, CISOs Closer; The work dynamic between IT and cyber leaders is changing as digital fortification becomes more urgent. ‘Everybody’s top of mind is cybersecurity,’ says one CISO.”
  • The Journal adds “A mix of regulation, investor demands and insurance requirements is pushing companies to elevate the oversight of cybersecurity, officials from the U.S. and other countries say.”
  • Cybersecurity Dive tells us about “six things that businesses need to know about the changing privacy landscape. New bills are proposed every day, and while only a few will become official policy, there may be important trends that impact businesses.”