Cybersecurity News: The Impact of our Economy on Your Security, Qakbot Ransomware Alert
Trending headlines in cybersecurity:
- The 8th Google Zero Day Threat of 2022
- An Aggressive Qakbot Ransomware Alert
- Government Updates: Regulations for Infrastructure Organizations
- The Impact of our Economy on Cybersecurity
A New Google Zero-Day Threat
Google Chrome recently released an emergency update addressing its eighth zero-day vulnerability this year. The high-severity flaw was discovered by Google’s Threat Analysis Group on November 22, and Google has withheld specific details about the vulnerability to avoid helping attackers exploit it more widely. In general terms, the flaw is a heap buffer overflow: a memory-safety bug in which data is written past the end of a heap-allocated buffer, into forbidden (usually adjacent) memory, without a bounds check. Attackers may use a heap buffer overflow to overwrite an application's memory and manipulate its execution path, resulting in unrestricted information access or arbitrary code execution. To block potential exploitation attempts, users should apply the update to their web browsers immediately.
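As an added illustration of the bug class, not code from the article and unrelated to the undisclosed Chrome flaw, the constructed snippet below shows the unchecked-length copy that produces a heap buffer overflow, beside the bounds-checked form that prevents it; the record layout, function names and sizes are assumptions chosen for the example.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed example: a heap-allocated record whose 16-byte name field is
 * followed in memory by a flag the program relies on. A write that runs past
 * name[] lands in `trusted` first, then in whatever the allocator placed
 * after this record on the heap. */
typedef struct {
    char name[16];
    int  trusted;
} record_t;

/* Vulnerable pattern: the copy length comes from the caller and is never
 * compared with sizeof(r->name). With len > 16 the bytes spill into
 * `trusted` and, for larger len, past the allocation (the case that
 * -fsanitize=address reports as heap-buffer-overflow). */
void set_name_unchecked(record_t *r, const char *src, size_t len) {
    memcpy(r->name, src, len);
}

/* Hardened version: check the length against the destination before any
 * byte is written, and refuse (rather than silently truncate) when it does
 * not fit. Returns 0 on success, -1 when the input is rejected. */
int set_name_checked(record_t *r, const char *src, size_t len) {
    if (r == NULL || src == NULL) return -1;
    if (len >= sizeof(r->name)) return -1;      /* keep room for the NUL */
    memcpy(r->name, src, len);
    r->name[len] = '\0';
    return 0;
}

/* Exercise the hardened path on a fresh heap record and report whether the
 * adjacent flag survived.
 * Returns  1 if the write was accepted and `trusted` is still 0,
 *          0 if the write was rejected and `trusted` is still 0,
 *         -1 if `trusted` changed (which the checked path never allows). */
int checked_write_outcome(const char *src, size_t len) {
    record_t *r = calloc(1, sizeof *r);
    if (r == NULL) return -1;
    int rc = set_name_checked(r, src, len);
    int result = (r->trusted != 0) ? -1 : (rc == 0 ? 1 : 0);
    free(r);
    return result;
}

int main(void) {
    /* 6 bytes fit; 24 bytes would have run through `trusted` and past the
     * 20-byte allocation had the unchecked copy been used instead. */
    return (checked_write_outcome("chrome", 6) == 1 &&
            checked_write_outcome("AAAAAAAAAAAAAAAAAAAAAAAA", 24) == 0) ? 0 : 1;
}
```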
Alert: Aggressive Qakbot Ransomware Campaign
More than 10 different companies have been targeted by a fast-moving ransomware campaign in the last two weeks, focused primarily on companies based in the US. The attacks are from the Black Basta ransomware group using Qakbot malware, also known as QBot or Pinkslipbot, to perpetrate an aggressive and widespread campaign using an .IMG file as the initial compromise vector. The infections begin with a spam or phishing email containing malicious URL links; Black Basta then deploys Qakbot to infect the environment, maintain a presence on the victim's network, and move laterally within the organization’s network. Once the ransomware is deployed, the attacker disables security mechanisms such as EDR and antivirus programs. The attacks move swiftly, with threat actors obtaining administrative access in under two hours and deploying ransomware in less than 12 hours. The malware also installs a backdoor, allowing the threat actor to drop additional malware. Because the attacks can lead to severe IT infrastructure damage, organizations are encouraged to identify and block malicious network connections, reset Active Directory access, engage incident response, and cleanse compromised machines, which includes isolating and reimaging all infected machines.
Government and Regulatory Updates
The Biden administration continues to focus on strengthening the cybersecurity of critical infrastructure, a sign that more regulatory action may soon follow. In October, the Chemical Action Plan was rolled out, and cyber guidance for the communications and healthcare sectors is still in the works. The government’s focus on critical infrastructure has created a trickle-down effect: organizations subject to the mandatory requirements are not only responsible for their own security, but also accountable for the cybersecurity of their vendors and their vendors’ vendors. Consequently, third parties who work with critical infrastructure organizations are being held to the same standards the government is introducing. Contracts have new provisions to increase the security of how and where data is stored and who has access to it. Additionally, safeguards like liability clauses and cyber insurance requirements are becoming common, in an effort to help protect the infrastructure company should a vendor be at fault for a cyber breach. Private infrastructure companies are also encouraged to take a proactive approach to updating third-party contracts while the regulatory environment is still in its early stages.
FCC Equipment Ban
The FCC unanimously voted to ban the import and sale of telecom gear from China-based companies Huawei and ZTE and their affiliates, on the grounds that the equipment poses a national security threat. The ban targets equipment used for network infrastructure, public safety, and government surveillance, and covers phones, cameras, and Wi-Fi routers. The estimated cost for the FCC to reimburse network operators for the removal and replacement of the Chinese hardware is $5 billion.
The Economic Impact on Cybersecurity
The gloomy economic outlook is negatively impacting SMBs, and many companies are forced to make budget cuts, cybersecurity budgets included. A survey conducted by JumpCloud revealed that 44% of small and medium-sized businesses are expecting security spending cuts, raising concerns about increased organizational risk. More than half of IT administrators surveyed said security is the biggest IT challenge confronting their organization. Network attacks, software vulnerability exploits, and ransomware attacks ranked as the three biggest security concerns, followed by multifactor authentication fatigue attacks. With cybersecurity budget reductions, the number of unaddressed vulnerabilities may increase. But there is a bigger industry concern all organizations should be aware of: the downstream effects of SMB security cuts. Some of the impacted companies may be your vendors, with access to your networks and sensitive data. Their reduction in security means more risk for you.
What are the indicators that your vendor may have reduced security spending? “Turnover and response times have always been the most prominent indicators of budget cuts, signaling a potential for emerging issues,” says Jeff Hodgin, VP of Product at CyberGRX. “Knowledge gaps and resource shortages are two primary drivers for increased risk in tough economies,” and he advises organizations to “watch for changes in behavior and changes in your primary contacts.” He also recommends “increasing your monitoring or likelihood thresholds, to account for the increased risk.” Good advice to help protect your organization.
All information is current as of November 28, 2022. Subscribe to receive future episodes as they are released.