
AI-Generated Phishing Attacks: A 2021 Ransomware Incident Puts Hospital Closure Due to Financial Strain


US Government agencies have disclosed that they were compromised by the Cl0p ransomware gang through vulnerabilities in the MOVEit file-transfer system, according to CISA director Jen Easterly. Progress Software, the FBI, and federal partners are working together to investigate the extent of the intrusions and provide support to affected agencies. Easterly emphasized that the Cl0p actors have not threatened to extort or release data stolen from government agencies, but the situation is being treated with urgency. The US Department of Energy confirmed that two of its entities, Oak Ridge Associated Universities and the Waste Isolation Pilot Plant, were compromised in the attack.

In other cybersecurity news, researchers at Mandiant revealed that the CosmicEnergy malware, initially believed to be a threat to electrical distribution and critical infrastructure, is actually a training tool for exercises related to electric infrastructure attacks. Dragos conducted its own research and concluded that CosmicEnergy does not pose an immediate risk to OT environments and there is no evidence of active deployment by adversaries. While these findings are reassuring, it is important to remain vigilant against potential future threats.

Abnormal Security warns that attackers are utilizing generative AI platforms like ChatGPT to create convincing phishing emails. These AI-assisted phishing attacks are using grammatically correct templates to impersonate vendors, making it harder to detect and defend against such attacks. Businesses should be cautious and implement robust security measures to prevent falling victim to these sophisticated phishing attempts.

The impact of ransomware attacks on organizations has come into focus with the closure of St. Margaret’s Health in Spring Valley, Illinois. The hospital blamed financial pressure caused by a ransomware attack earlier this year for its inability to submit claims to payers. The systems were down for several weeks, resulting in months of catch-up and recovery efforts. The closure of St. Margaret’s Health highlights the devastating consequences that ransomware attacks can have on critical infrastructure, emphasizing the need for enhanced cybersecurity measures in healthcare organizations.

Research conducted by BlackFog revealed that 61% of small and medium businesses (SMBs) have experienced successful cyberattacks in the past year. These attacks lead to an average of five data breaches, malware infections, or ransomware attacks per organization. The main impact of these attacks on SMBs is business downtime, with 58% of respondents reporting such effects. Additionally, these attacks negatively impact customer trust and retention, leading to the loss of customers and customer data. It is crucial for SMBs to prioritize cybersecurity and implement robust defense mechanisms to protect themselves and their customers from cyber threats.

In Russia-Ukraine hybrid war news, French authorities uncovered a coordinated campaign by Russian actors aimed at planting and amplifying disinformation. The campaign included the creation of fake web pages impersonating French media outlets and government sites, as well as the use of fake accounts on social networks. The French Ministry of Foreign Affairs condemned these actions, emphasizing France’s support for Ukraine in the face of Russia’s aggression. Meanwhile, Ukraine’s Cyber Police arrested three individuals involved in automated disinformation campaigns, conducted using inauthentic accounts operated in the Russian interest. The criminals received payment in Russian rubles, laundered through payment services prohibited in Ukraine and through cryptocurrencies.

In terms of cybersecurity patches, Microsoft and Adobe have released updates to address critical vulnerabilities. Microsoft patched six critical flaws, none of which have been exploited in the wild. Four of these vulnerabilities could result in remote code execution. Adobe has patched twelve vulnerabilities in Adobe Commerce, which could lead to arbitrary code execution, security feature bypass, and arbitrary file system read. Both organizations urge users to apply these updates to protect their systems from potential exploitation.

In terms of crime and punishment, two Russian nationals have been charged with the 2014 hack of the Mt. Gox cryptocurrency exchange, considered one of the biggest cryptocurrency heists in history. The hackers stole over 647,000 bitcoins from the exchange and used them in an illicit crypto exchange known as BTC-e. The individuals are facing charges of conspiracy to commit money laundering and operating an unlicensed money services business. Additionally, a 20-year-old Russian national has been arrested in Arizona for his alleged involvement with the LockBit ransomware gang. Ruslan Magomedovich Astamirov is facing charges related to his participation in ransomware attacks.

This concludes the latest cybersecurity news updates, providing insights into the exploitation of MOVEit instances by the Cl0p ransomware gang, the status of CosmicEnergy as a training tool rather than an immediate threat, the utilization of AI-generated phishing attacks, the impact of ransomware on the closure of a hospital, cyber risk trends for SMBs, updates on the Russia-Ukraine hybrid war, recent patches from Microsoft and Adobe, and notable crime and punishment cases. As cyber threats continue to evolve, it is crucial for organizations and individuals to stay informed and implement robust security measures to protect against potential attacks.
