According to Reuters, the supply chain compromise involving Progress Software’s MOVEit is far from over. At the time of the report, over six hundred organizations had been breached through vulnerabilities in MOVEit, and experts predict that thousands more breaches are likely to follow. The Cl0p gang began exploiting the vulnerability on May 27th, prompting Progress Software to investigate. On May 30th, Progress issued a warning, followed by a patch on May 31st. Exploitation nonetheless continues, which highlights both the complexity and interdependence of software supply chains and the difficulty of getting users to patch their systems promptly and effectively.
Moving on to cyberespionage, The Washington Post recently reported that China penetrated Japan’s classified defense networks in 2020. The US NSA discovered the breach, which involved deep and persistent access to classified information on Japan’s defense capabilities and military shortcomings. Reuters notes that Japan has neither confirmed nor denied whether information was compromised in the breach. The incident has strained US-Japanese defense cooperation, particularly intelligence-sharing, as both countries have become increasingly concerned about China’s assertive policies in East Asia.
In another instance of cyberespionage, North Korean hackers successfully breached NPO Mashinostroyeniya, a Russian rocket design bureau. This development is surprising given Russia’s efforts to cultivate closer relations with North Korea, hoping that it would become a supplier of ammunition and other materials for the conflict in Ukraine. However, Pyongyang’s interest in industrial espionage appears to outweigh the growing camaraderie between the two countries.
Victor Zhora, Ukraine’s cybersecurity lead, discussed the phases of Russia’s hybrid war during a Black Hat conference. According to Zhora, the war will continue in cyberspace even after kinetic combat ends. He believes that Russia will remain dangerous in cyberspace until there is a complete change of the political system and power in the country. Zhora divided Russian cyber operations into five phases: preparation, disruption, targeted attacks against infrastructure, cyber attacks coordinated with kinetic strikes, and cyberespionage. Throughout all of these phases, Russia has run influence operations in support of its aims.
The lessons learned from Ukraine’s experience of hybrid war have provided insights into building cyber resilience. Jen Easterly, Director of the US Cybersecurity and Infrastructure Security Agency (CISA), stated that preparing for disruptions, anticipating their occurrence, and focusing on continuity and recovery are crucial for resilience. Risk assessment, resilience planning, and continuous improvement and adaptation are essential components of building cyber resilience.
In terms of threat actors, Germany’s BfV security service warned that Iran’s Charming Kitten threat group is targeting Iranian dissidents residing in Germany and elsewhere. Lawyers, journalists, and human rights activists have been particularly targeted since late 2022. This underscores the ongoing threat faced by dissidents and the importance of cybersecurity measures to protect them.
In terms of data breaches, the Police Service of Northern Ireland accidentally leaked the private data of all its serving officers and staff when an employee made an error in responding to a freedom of information request. The leaked information included names, ranks, and locations of the officers. This incident is particularly concerning, as police in Northern Ireland are often the targets of violence due to conflicts over British rule in the region.
The UK’s Electoral Commission also reported a breach of its electoral systems, which was identified in October 2022 but believed to have been ongoing since August of that year. While the Commission believes the information does not pose a significant risk to individuals on its own, it acknowledges that in combination with other personal data, the risk could increase. The Commission has taken steps to improve its security measures.
In terms of vulnerabilities, both Intel and AMD processors have been found to have flaws that could compromise data security. Intel’s x86 processors are vulnerable to a flaw called “Downfall,” which could allow attackers to steal sensitive data from other applications. AMD Zen CPUs have their own vulnerability that could be used to leak privileged secrets and data. Mitigations and firmware updates have been released for both, but they only help once applied, so systems that have not yet been updated remain exposed.
The US Cyber Safety Review Board recently released its findings on the Lapsus$ group, a group of teenagers that compromised around forty well-resourced organizations. The board noted a collective failure across organizations to address the risks associated with using text messaging and voice calls for multi-factor authentication. The report provides recommendations on how to better manage this type of threat.
In terms of patches, Adobe has released updates for thirty vulnerabilities affecting its Acrobat software, addressing critical, important, and moderate vulnerabilities that could lead to application denial-of-service, security feature bypass, memory leaks, and arbitrary code execution. Microsoft has also released patches for several vulnerabilities, addressing security flaws in various software and operating system components.
Overall, these incidents and vulnerabilities highlight the ongoing challenges faced by organizations and individuals in maintaining cybersecurity and protecting sensitive data. It is crucial to stay vigilant, apply necessary patches and updates promptly, and continuously improve cybersecurity measures to mitigate the risks posed by cyber threats.