Cyber Intel Brief for January 24, 2022

Recent Threats by Industry

Cyber / MSP / MSSP

No major attacks have occurred this week; however, MSPs will remain a top target for attackers.

Phishing will remain the top attack vector throughout 2022. 94% of all malware is delivered by email, using social engineering techniques to trick users into opening malicious attachments or links. Phishing attacks continue to grow rapidly: just this year, Acronis reported blocking 23% more phishing emails and 40% more malware emails in Q3 compared with Q2 of the same year.

https://www.cisa.gov/uscert/APTs-Targeting-IT-Service-Provider-Customers

Healthcare

More than 30 healthcare organizations were impacted by a business associate data breach targeted at Ciox Health, a clinical data technology company. An unauthorized third party accessed one Ciox employee’s email account between June 24 and July 2, 2021, a notice on the company’s website explained.

The individual may have downloaded emails and attachments from the account. On September 24, Ciox determined that the emails and attachments contained patient information relating to billing inquiries and other customer service requests. In November and December, Ciox began notifying its healthcare provider customers of the breach.

https://healthitsecurity.com/news/business-associate-data-breach-impacts-32-healthcare-organizations

SaaS Providers

No new major attacks targeting SaaS providers have occurred this week. However, two-thirds of all malware downloads in 2021 came from cloud applications.

We expect SaaS providers to continue to strengthen their AI capabilities and protections against these attacks.

Financial Services

Thousands of contractors across the UK are facing a second possible week of payment delays following separate cyber attacks on two of the umbrella industry’s largest players.

Brookson Group and Parasol have both been forced to proactively disable client-facing systems and minimize their online presence as a result of the attacks, while trying to maintain payroll runs for the tens of thousands of contractors who they employ.

Biotech / Pharma

As we move into 2022, the cyber field gets more and more advanced. A recent report from Cynerio said that 53% of connected medical devices contain critical vulnerabilities. Cynerio also found that 73% of IV pumps have a vulnerability that could jeopardize patient safety. IV pumps make up 38% of a hospital’s IoT footprint, making them one of the riskiest connected devices at any healthcare organization.

https://healthitsecurity.com/news/53-of-connected-medical-devices-contain-critical-vulnerabilities

Government

White House officials told reporters on Friday that the person behind the ransomware attack on Colonial Pipeline last year was arrested as part of the larger raid against the REvil ransomware group by Russian law enforcement.

https://www.zdnet.com/article/white-house-says-person-behind-colonial-pipeline-ransomware-attack-nabbed-during-russian-raid/

Cyber-Threat Forecast for the Quarter

We expect these cyber threats to continue evolving and to have a greater impact on organizations over the next quarter:

Ransomware - Malicious code that, when executed, encrypts victim data, prevents access to victim systems, applications, or data, or otherwise holds systems, data, or applications hostage for ransom, usually paid in cryptocurrency.
Supply Chain Attacks - Electronic or physical attacks on suppliers, which can affect the confidentiality, integrity, or availability of goods or services.
Talent Impact on Security - The lack of cybersecurity and technology talent needed to properly operate, maintain, and secure an organization's information systems.

Data Privacy & Security Law

Regulatory Forecast

If 2021 is any indication of the changes coming to security laws, in 2022 we expect these changes to continue on a larger scale. Below I have posted a recap of 2021 changes.

Data Privacy and Security Law

• The Colorado Privacy Act (ColoPA) and the Virginia Consumer Data Protection Act (VCDPA) advanced into law (with effective dates of 2023);
• China's Personal Information Protection Law took effect;
• The UAE released its new privacy law;
• South Africa's privacy law came online;
• California voters passed the California Privacy Rights Act (CPRA);
• The European Union, in response to the Schrems II decision, approved new Standard Contractual Clauses to enable (or discourage) cross-border data flows.

Weekly Honeypot Stats for January 24, 2022

Charts (images not reproduced): Attacker Sources Histogram; Most Targeted Ports List; Attacker Source Country; Suricata Attack Categories; Suricata Top 10 Signature Hits; Top 10 CVEs Targeted.