Hello and welcome to our wrap-up of some of the cybersecurity industry's biggest stories in the last week. Here's what's been happening...
Shortly after the Russia-Ukraine conflict began, the Ukrainian government warned that phishing emails were sent to email addresses belonging to Ukrainian military personnel and related individuals. Now, employees at several European government organizations have been receiving malicious emails that appear to be coming from email accounts belonging to members of the Ukrainian military. The incident has been attributed to the cybercrime group UNC1151.
The U.S. Senate passed important legislation Tuesday evening in an effort to bolster the cybersecurity of critical infrastructure owners in the country. The "Strengthening American Cybersecurity Act" calls for entities that experience a cyber incident to report the attacks within 72 hours to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), in addition to alerting the agency about ransomware payments within 24 hours. The proposal's intent is to give CISA the information it needs to more widely share threat data to help curtail major cyberattacks rippling through key targets. Despite bipartisan support for the bill, not everyone is pleased with it.
Meanwhile, some well-known companies have been hit by attackers recently, including Toyota, Nvidia and Aon.
Earlier in the week, car manufacturer Toyota was forced to suspend production at 14 plants in Japan for at least a day in response to a “system failure” at components supplier Kojima Industries. Fortunately, the company was up and running again within a few days.
Then, electronics giant Nvidia was the victim of an apparent ransomware attack on its networks, during which hackers were able to grab data. It's also been reported that Nvidia *may* have hacked back the hackers, though nothing has been confirmed.
In addition, insurance and professional services provider Aon disclosed late last week in an SEC filing that the company "identified a cyber incident impacting a limited number of systems. Promptly upon its identification of the incident, the Company launched an investigation, and engaged the services of third-party advisors, incident response professionals, and counsel." Aon says the hack has not had a significant impact on its operations.
Finally, this week Microsoft announced the launch of a new endpoint security solution for small and medium-sized business owners (SMBs), Defender for Business. The product is designed to help organizations of up to 300 employees stay protected from ransomware and other malicious threats. According to Rob Lefferts, corporate vice president of security at Microsoft, "It's a perk for smaller organizations, which may have just one IT person doing everything."
That is a wrap for the week. Thanks for stopping by our blog. Have a great weekend.
Top Global Security News
Security Week (March 3, 2022) Hacked Ukrainian Military Emails Used in Attacks on European Governments
Staff at European government organizations have been receiving malicious emails that appear to be coming from email accounts belonging to members of the Ukrainian military.
Russia’s war with Ukraine is taking place both in the real world and in cyberspace, with state-sponsored units and hacktivists fighting for both sides. The online battle has involved a wide range of tactics and tools, including distributed denial-of-service (DDoS) attacks, malware, data leaks, and misinformation.
Shortly after Russia launched its invasion, the Ukrainian government warned that phishing emails had been sent to email addresses belonging to Ukrainian military personnel and related individuals. The attack has been attributed to UNC1151, a threat actor previously tied to Belarus and possibly Russia, and which specializes in disinformation campaigns.
Cyberscoop (March 2, 2022) Proposal for industries to report big cyberattacks, ransomware payments wins Senate approval
The Senate passed legislation Tuesday evening requiring critical infrastructure owners to report to the feds when they suffer a major cyberattack or make a ransomware payment - shaking loose a bill that got stuck in the chamber last year.
Under the measure, which now moves to the House for potential consideration, those critical infrastructure owners and operators as well as federal agencies would have to disclose a significant incident to the Department of Homeland Security’s Cybersecurity and Infrastructure Agency within 72 hours. The same owners and operators would have to report any ransomware payments to CISA, too, only within 24 hours.
Its intent is to give CISA the information it needs to more widely share threat data to help curtail major cyberattacks rippling through key targets, such as what happened in late 2020 when federal contractor SolarWinds suffered a compromise that ended up spreading to federal agencies and major tech companies.
Portswigger (March 2, 2022) Toyota shuts down production after ‘cyber-attack’ on supplier
Car manufacturer Toyota has suspended production at 14 plants in Japan for at least a day in response to a “system failure” at components supplier Kojima Industries.
In a brief statement issued on Monday (February 28), Toyota confirmed the temporary shutdown, which auto industry experts estimate might lead to a 5% drop in Toyota’s monthly production or the loss of about 13,000 units:
“Due to a system failure at a domestic supplier (KOJIMA INDUSTRIES CORPORATION), we have decided to suspend the operation of 28 lines at 14 plants in Japan on Tuesday, March 1st (both 1st and 2nd shifts). We apologize to our relevant suppliers and customers for any inconvenience this may cause”.
Toyota added that it was continuing to work with its suppliers in strengthening the supply chain in order to deliver vehicles “as soon as possible”.
InfoSecurity (March 2, 2022) Nvidia Admits Hackers Stole Employee and Internal Data
Nvidia has released more details of an apparent ransomware attack on its networks, admitting that internal data has been taken. The US chip giant had previously given little away, saying only that its “business and commercial activities continue uninterrupted” while it investigated the attack, which was first reported last week.
However, a new statement has gone further.
“Shortly after discovering the incident, we further hardened our network, engaged cybersecurity incident response experts, and notified law enforcement,” the Nvidia statement revealed.
Security Week (March 2, 2022) Microsoft Defender Takes Aim at Mid-Market
Microsoft this week announced the general availability of Defender for Business, an endpoint security solution aimed at small- and medium-sized businesses (SMBs).
Defender for Business packs anti-malware protection alongside attack surface reduction, endpoint detection and response (EDR), and threat and vulnerability management and offers support for both desktop and mobile operating systems.
The Redmond, Wash. software maker said the product was designed to help organizations of up to 300 employees stay protected from ransomware and other malicious threats.
Bleeping Computer (February 28, 2022) Insurance giant AON hit by a cyberattack over the weekend
Professional services and insurance giant AON has suffered a cyberattack that impacted a "limited" number of systems. AON is a multinational professional services firm offering a wide array of solutions, including business insurance, reinsurance, cybersecurity consulting, risk solutions, healthcare insurance, and wealth management products.
AON generated $12.2 billion of revenue in 2021 and has approximately 50,000 employees spread throughout 120 countries.
In an 8-K form filed with the Securities and Exchange Commission, AON has disclosed that they suffered a cyberattack on February 25th, 2022.
"On February 25, 2022, Aon plc (the “Company”) identified a cyber incident impacting a limited number of systems. Promptly upon its identification of the incident, the Company launched an investigation, and engaged the services of third-party advisors, incident response professionals, and counsel. The incident has not had a significant impact on the Company’s operations," reads the Form 8-K filed by AON.
Other Top Industry News
Ukrainian Researcher Leaks Conti Ransomware Gang Data - Data Breach Today
Swedish camera giant Axis still recovering from cyberattack - ZDNet
Bridgestone Americas ‘disconnects’ manufacturing facilities following ‘security incident’ - Portswigger
75% of Infusion Pumps Contain Known Security Gaps, Report Finds - HealthIT Security
Log4shell exploits now used mostly for DDoS botnets, cryptominers - Bleeping Computer
Over 100,000 medical infusion pumps vulnerable to years old critical bug
UK’s NCA discovers 585 million compromised passwords - Specops Software
This is what happens when two ransomware gangs hack the same target - at the same time - ZDNet