Cyber Security News Roundup – 24th April 2023

It's the beginning of a new week, and that means a roundup of some of the cyber security and data protection news headlines from the last 7 days! To learn more about each story, click the headings.

US, UK warn of government hackers using custom malware on Cisco routers 18/4

The US, UK, and Cisco are warning that Russian state-sponsored APT28 hackers have been deploying a custom-made malware named ‘Jaguar Tooth’ on Cisco IOS routers, which allows unauthorised access. APT28 has links to Russia’s GRU, and numerous cyber-attacks on Europe and the US that abused zero-day exploits have been attributed to it. The attackers scan for public Cisco routers that use weak SNMP community strings, which allows the Jaguar Tooth malware to be injected directly into Cisco routers running out-of-date software. Once installed, it allows information to be exfiltrated and gives unauthenticated backdoor access to the device. This discovery highlights a rising trend among state-sponsored hacking groups of creating custom malware to conduct cyber espionage activities, with Chinese hacking groups targeting government institutions in March by leveraging weaknesses in Fortinet devices to deploy their own custom malware. (Bleeping Computer)

March 2023 broke ransomware attack records with 459 incidents 19/4

With 459 confirmed attacks, March 2023 was the most prolific month recorded by cyber security analysts in recent years with regard to hack and data leak incidents. This reflected a 91% increase on the previous month, and a 62% increase compared to March 2022, according to the NCC Group. The CVE-2023-0669 vulnerability in Fortra’s GoAnywhere file transfer service was the main reason for the significant increase, with the Clop ransomware operation abusing this to wreak havoc on 130 organisations in just 10 days. The most targeted sector was “Industrials”, which includes professional services, aerospace and defence, transport, engineering and more, suffering 147 ransomware incidents and making up 32% of the month’s recorded attacks. Other industries that suffered significant attention from ransomware operations were “Consumer Cyclicals” in second, as well as “Healthcare”, “Technology”, “Financials”, and “Education Services”. (Bleeping Computer)

UK cyber-agency warns of a new ‘class’ of Russian hackers 19/4

The National Cyber Security Centre (NCSC) is warning of a heightened risk of cyber attacks from Russian state-aligned threat actors, and is urging all organisations to ensure they have applied recommended security measures that include system patching, access control verification, functioning defences, logging and monitoring, reviewing backups, incident plans, and managing third-party access. Hacktivist groups typically focus malicious activities on causing disruption to infrastructure and services, such as through DDoS attacks. However, Russian-linked actors have expressed their intentions to do more damage when and if possible, and as such are pivoting towards more harmful activities. The NCSC considers it unlikely that Russian-sponsored actors would be able to cause serious damage to valuable corporate and government networks, but added that this could change over time. (Bleeping Computer)

Hackers access Capita customer data in cyber attack 20/4

Outsourcing giant Capita, one of the UK government’s largest contractors, has suffered a cyber attack that has affected 4% of its servers and may have given hackers access to customer and internal data. Capita stated that there is “evidence of limited data exfiltration from the small proportion of affected server estate which might include, customer, supplier, or colleague data”. The hackers first accessed the company’s servers on the 22nd of March, and on the 31st of March Capita had interrupted and “significantly restricted” the criminal operation. Reports in the Sunday Times suggested that the group behind the attack was the notorious Black Basta ransomware operation, but Capita have declined to comment on who is responsible. With multiple UK government organisations outsourcing professional tasks to Capita, the announcement of the cyber-attack caused a 1% drop in their share value and will make turnaround efforts even more difficult following years of contract losses. (Financial Times)

American Bar Association reports data breach affecting 1.5 million accounts 21/4

The American Bar Association (ABA) has disclosed a data breach, detected in March, that has affected 1.5 million accounts, with the stolen data including the usernames and encrypted passwords of accounts registered with the pre-2018 ABA website. An unauthorised third party first gained access to the ABA network on the 6th of March, with the association first noticing the unusual activity on the network on the 17th. No personal or corporate information was stolen, and the ABA is implementing measures to prevent another breach from occurring, reviewing their network security configurations and encouraging users with the same credentials as their pre-2018 accounts to update their account information. (Legal.io)

Attempted cyber attacks occur every second and, as we can see from the recent headlines, constantly change in nature. It's vital that your organisation is as protected as possible from all forms of cyber crime, so contact Celerity to find out how we could protect your business!
