GlobalSign Blog

Cybersecurity News Round-Up: Week of February 21, 2022

Hello and welcome back to our blog!

It certainly has been quite an eventful week. Here’s a compilation of what’s been happening in cybersecurity.

Seattle-based freight company Expeditors International announced a cyberattack on Sunday that crippled some of their operating systems. The logistics and freight forwarding giant was forced to shut down most of their operating systems worldwide. According to the Wall Street Journal, the company warned in its quarterly report issued Tuesday that the cyberattack could have a material adverse impact on the company’s results. Even more concerning, the company did not provide a timeline of when its operations will resume.

Networking giant Cisco warned that users of its Firepower firewalls – physical and virtual – may need to upgrade their kit within a four-day window or miss out on security intelligence updates. The company’s “Field Notice” on Monday advised that the SSL certificate authority used to sign certificates for Talos security intelligence updates will be decommissioned and replaced on March 6, 2022. If Firepower customers do not perform the necessary work, Cisco Talos security intelligence updates might fail after March 5, 2022, for the affected versions.

CitiBank, the fourth largest bank in the U.S., disclosed that an ongoing large-scale phishing campaign is targeting its customers. The campaign asks recipients to disclose sensitive personal details to lift alleged account holds. The cyber criminals behind the campaign use emails that appear to come from the bank, with CitiBank logos, legitimate-looking sender addresses and professional-looking content. The messages claim that the customer’s account has been put on hold due to a suspicious transaction or a login attempt from someone else, and that the customer must take urgent action to verify the account to avoid permanent suspension.

New research from IBM revealed that supply chains were the focus of criminals last year – and that manufacturers bore the brunt of attacks. According to a ZDNet article about IBM's annual X-Force Threat Intelligence Index, businesses are now being "imprisoned" by the active exploitation of vulnerabilities and the deployment of ransomware. IBM’s research found that phishing remains the most common attack vector for cyberattacks but there has also been a 33% increase in the use of vulnerabilities against unpatched systems.

Also this week, the National Institute of Standards and Technology (NIST) announced that, to keep pace with the changing cybersecurity landscape, it is planning to revise the widely adopted NIST Cybersecurity Framework (CSF). In doing so, NIST is asking the public for information that would improve the effectiveness of the CSF and its alignment with other cybersecurity resources. The agency is also requesting suggestions to inform cybersecurity guidance related to supply chain risks.

That’s a wrap for this week. Stay safe, and enjoy the weekend!

Amy

Top Global Security News

Bleeping Computer (February 24, 2022) Citibank phishing baits customers with fake suspension alerts

An ongoing large-scale phishing campaign is targeting customers of Citibank, requesting recipients to disclose sensitive personal details to lift alleged account holds. The campaign uses emails that feature CitiBank logos, sender addresses that look genuine at first glance, and content that is free of typos.

The CitiBank customers targeted in these attacks are informed that their account has been put on hold due to a suspicious transaction or a login attempt from someone else. Because of this, the attackers claim they should take urgent action to verify their accounts to avoid permanent suspension.

If the embedded button is clicked, the victims are taken to a website that looks deceptively like a real Citibank portal, where they are requested to sign into their online account. Of course, any user ID and password pairs entered on this website go directly to the threat actors, who may then use the stolen credentials to compromise banking accounts and empty balances.

The Register (February 23, 2022) Cisco warns firewall customers of four-day window for urgent updates

Cisco has warned users of its Firepower firewalls – physical and virtual – that they may need to upgrade their kit within a four-day window or miss out on security intelligence updates.

A Monday Field Notice advised that the SSL certificate authority used to sign certificates for Talos security intelligence updates will be decommissioned and replaced on March 6, 2022.

The updates deliver lists of sites identified as sources of malware, spam, botnets, and phishing to Cisco appliances, which can automatically apply them so that admins don't have to add to the always-growing list of threats manually.

But once Cisco changes to the new certificate authority, Firepower devices "might" not be able to receive Talos updates. Snort rule updates, the Cisco Vulnerability Database, and the Geolocation Database will still flow.

ZDNet (February 22, 2022) Billion-dollar logistics giant Expeditors struggling to recover from cyberattack

Logistics and freight forwarding giant Expeditors International announced a cyberattack on Sunday that crippled some of their operating systems and continues to slow their operations around the globe.

The Seattle-based freight company, which brought in $10.1 billion in revenue last year, said they shut down most of their operating systems globally after discovering the cyberattack.

"The situation is evolving, and we are working with global cybersecurity experts to manage the situation. While our systems are shut down, we will have limited ability to conduct operations, including but not limited to arranging for shipments of freight or managing customs and distribution activities for our customers' shipments," the company said in a statement.

ZDNet (February 22, 2022) Hackers tried to shatter the spine of global supply chains in 2021

IBM researchers say supply chains were the focus of criminals last year and manufacturers bore the brunt of attacks. Cybercriminals have invested their efforts into breaking supply chains over the past year, with the manufacturing sector now becoming a top target.

According to IBM's annual X-Force Threat Intelligence Index, based on security incidents and threat data gathered over 2021, businesses are now being "imprisoned" by the active exploitation of vulnerabilities and the deployment of ransomware.

The tech giant's researchers say that phishing remains the most common attack vector for cyberattacks but there has also been a 33% increase in the use of vulnerabilities against unpatched systems. In total, vulnerability exploits are considered to be responsible for 44% of the reported, known ransomware attacks included in the report.  

Supply chain attacks can have severe ramifications: central service providers may be compromised to deploy poisoned software updates to their customer bases, ransomware may be executed to cause as much disruption to vendors as possible, ramping up the pressure to pay, or attacks may be triggered to deliberately wreak havoc in the real world, such as taking down utilities or core services in a target country.

NIST (February 22, 2022) NIST Seeks Input to Update Cybersecurity Framework, Supply Chain Guidance

To keep pace with the always evolving cybersecurity landscape, the National Institute of Standards and Technology (NIST) is planning to revise the widely adopted NIST Cybersecurity Framework (CSF). In advance of the update, NIST is asking the public for information that would improve the effectiveness of the CSF and its alignment with other cybersecurity resources. The agency is also requesting suggestions to inform cybersecurity guidance related to supply chain risks.

“Every organization needs to manage cybersecurity risk as a part of doing business, whether it is in industry, government or academia,” said Commerce Deputy Secretary Don Graves. “It is critical to their resilience and to our nation’s economic security. There are many tools available to help, and the CSF is one of the leading frameworks for private sector cybersecurity maintenance. We want private and public sector organizations to help make it even more useful and widely used, including by small companies.”

This marks the second time that NIST will update the CSF, formally known as the Framework for Improving Critical Infrastructure Cybersecurity, which it initially released in 2014 after extensive public involvement and collaboration. Since then, the CSF has been downloaded more than 1.6 million times and has been adopted internationally, with translations into at least six other languages.

Other Top Industry News

CISA warns of hybrid operations threat to US critical infrastructure – Bleeping Computer

91% of UK Organizations Compromised by an Email Phishing Attack in 2021 – InfoSecurity

FTC: Americans report losing over $5.8 billion to fraud in 2021 – Bleeping Computer

SEC Proposes Expansive New Cyber Risk Management Rules for Investment Advisers and Funds – JD Supra

NCSC Issues First-Ever Cybersecurity Guidance for the Construction Industry – InfoSecurity

Hearing Probes Aims, Enforcement of a U.S. Digital Privacy Law – Govtech

Ransomware victims are paying up. But then the gangs are coming back for more – ZDNet

Healthcare Cybersecurity Report – HelpNet Security
