Hello and welcome back to our weekly blog post. Here's the latest info on what's been happening in cybersecurity.
Imagine being a country's newly elected leader and your first official act is to declare a state of emergency because of a ransomware attack. (How's that for a letdown??) That is what happened on Sunday in Costa Rica after a major ransomware attack that originally took place on April 12 on the country's Finance Ministry spread to other agencies. That includes the Ministry of Science, Technology and Telecommunications and the National Meteorological Institute. The Conti ransomware gang is widely believed to be responsible. Conti has been extremely active, and is best known for last year's attack on the Irish Healthcare System that may end up costing around $100 million. Now, the U.S. government is offering a reward of up to $10,000,000 for information leading to the identification and/or location of any individual(s) who holds a key leadership role with the gang.
In the UK, officials are concerned about a threat made by Russian cyber criminals regarding the UK's National Health Service (NHS). Members of a cyber gang known as "Killnet" have threatened to attack all the NHS' ventilators after the arrest of an alleged pro-Putin cybercriminal in London who is believed to be responsible for a hack on government and media websites in Romania.
On Wednesday, cybersecurity authorities in the U.S., U.K., Australia, Canada and New Zealand released a joint advisory warning that they “expect malicious cyber actors — including state-sponsored advanced persistent threat (APT) groups — to step up their targeting” of managed service providers (MSP), and urged a renewed focus on cyber hygiene. The authorities are concerned that attackers that gain access to an MSP can gain access to that MSP’s customers and wreak havoc with ransomware and cyber espionage. A prime example is REvil, which was able to compromise as many as 50 MSPs in its July 2021 attack on IT tech management firm Kaseya.
Following the recently disclosed F5 BIG-IP networking device vulnerability that can make a server unusable, the security community is urging admins to apply patches as soon as possible. According to security researcher Kevin Beaumont, attackers are already trying to exploit the flaw and dropping webshells. Since BIG-IP devices are widely used in enterprise environments and serve the role of a load balancer, application firewall, and full proxy, this flaw potentially opens enterprise networks to a variety of attacks.
Also this week, Microsoft announced it's getting into the managed security services business with a new program that includes three new managed services: Microsoft Security Experts program, Microsoft Defender Experts for XDR and Microsoft Security Services for the Enterprise. Microsoft's blog post that announced the initiative can be read here.
Finally, there are increasing calls for the industry to step up its efforts to improve our collective security posture. In a conversation with ZDNet, Cybersecurity & Infrastructure Security Agency (CISA) director Jen Easterly said that security by design needs to be ingrained in software development and innovative thinking is required to help secure society against cyber attacks as technology becomes a bigger part of our everyday lives. She adds that "The stakes in the decade ahead could not be any higher particularly for those of us in technology and cybersecurity," with a warning it is "critical" to focus on the overriding values that must underpin cyber defense over the next decade.
That's a wrap for the news this week. As always, thanks again for stopping by our blog. Have a great weekend.
Top Global Security News
ZDNet (May 12, 2022) The stakes 'could not be any higher': CISA chief talks about the tech challenges ahead
Security by design needs to be ingrained in software development and innovative thinking is required to help secure society against cyber attacks as technology becomes a bigger part of our everyday lives, the chief of the US Cybersecurity & Infrastructure Security Agency (CISA) has warned.
CISA director Jen Easterly said that while it's important to focus on the cybersecurity issues of today, it's also important to look to the challenges that wait in future.
"The stakes in the decade ahead could not be any higher particularly for those of us in technology and cybersecurity," she said, warning that it's "critical" to focus on the overriding values that must underpin cyber defense over the next decade.
NBC News (May 11, 2022) Costa Rica declares state of emergency over ransomware attack
Costa Rica has declared a state of emergency after ransomware hackers crippled computer networks across multiple government agencies, including the Finance Ministry.
The official declaration, published on a government website Wednesday, said that the attack was “unprecedented in the country” and that it interrupted the country’s tax collection and exposed citizens’ personal information.
The hackers initially broke into the Finance Ministry on April 12, it said. They were able to spread to other agencies, including the Ministry of Science, Technology and Telecommunications and the National Meteorological Institute.
Leon Weinstok, the director of the Costa Rica office of the law firm BLP, who specializes in cybersecurity law, said the attack had severely affected the country’s ability to function. “The government has been really, really affected. It is impossible to quantify the losses at this time,” Weinstok said.
Cyberscoop (May 11, 2022) U.S., allies warn of rising recent and future attacks on managed service providers
Cybersecurity authorities in the U.S., U.K., Australia, Canada and New Zealand released a joint advisory Wednesday warning that they “expect malicious cyber actors — including state-sponsored advanced persistent threat (APT) groups — to step up their targeting” of managed service providers, and urged a renewed focus on cyber hygiene.
Managed service providers, typically referred to as “MSPs,” manage and sometimes provide IT services for other entities, such as hosting or platform services, creating a situation where businesses and many governments have to trust that the MSP is secure.
“Whether the customer’s network environment is on premises or externally hosted, threat actors can use a vulnerable MSP as an initial access vector to multiple victim networks, with globally cascading effects,” the notice read. The nations said they “are aware of recent reports that observe an increase in malicious cyber activity targeting managed service providers (MSPs) and expect this trend to continue.”
CSO (May 10, 2022) Microsoft expands managed security services offerings with new program
Microsoft announced Monday that it's getting into the managed security services business. The company's Microsoft Security Experts program includes three new managed services.
Microsoft Defender Experts for Hunting is for its customers who have robust security operations centers but would like Microsoft to hunt for threats in data from endpoints, Office 365, cloud applications, and identity sources. Microsoft's experts will hand off any actionable alerts they discover to security operations center (SOC) personnel, along with remediation recommendations. Microsoft experts are also available on-demand to answer security questions about anything from incidents to action by nation-state actors to updates on the latest attack vectors. The projected launch window for the service is in the summer of 2022.
Dark Reading (May 09, 2022) How to Check If Your F5 BIG-IP Device Is Vulnerable
Heads up for network administrators with F5’s BIG-IP family of networking devices in their environment: There is a new security update available for the newly disclosed critical remote code execution vulnerability (CVE-2022-1388). Several security researchers have already created working exploits, so administrators need to move quickly and secure their networks before the attackers come knocking.
According to security researcher Kevin Beaumont, attackers are already trying to exploit the flaw and dropping webshells. The vulnerability is "trivial" to exploit, Horizon3 said on Twitter. Horizon3 is among several groups that have already developed a working exploit.
Express UK (May 6, 2022) 'All ventilators will be attacked' Russian hackers threaten to target NHS in revenge plot
Russian hackers have threatened to target the NHS in a revenge plot stating "all ventilators will be attacked" in a chilling warning to the UK.
The threat comes following the arrest of an alleged pro-Putin cybercriminal in London who is believed to be responsible for a hack on government and media websites in Romania. The suspect is part of a group known as “Killnet” who have since vowed to disable NHS ventilators, as well as ones in Romania and Moldova should their comrade not be released.
Pages attacked include the government homepage, defence ministry and various political parties and private companies.
Other thought provoking articles