Top news stories this week
- Extortion. Australia introduces bill requiring companies to report ransomware payments.
- Birthday blues. Ukrainian hackers target Russian state TV and radio channel on Putin's 72nd birthday.
- Flashback. Comcast, CF Medical, and Truist Bank affected by ransomware attack on third party supplier.
- Déjà vu. Casio and ADT suffer repeat cyber attacks.
- Rising threats. Trinity ransomware emerges amid ongoing attacks on US critical infrastructure.
- Patch me if you can. Microsoft and Ivanti release patches for actively exploited vulnerabilities.
1. Australia introduces bill requiring companies to report ransomware payments
Australia has introduced a new cyber security bill to parliament that requires companies responsible for critical infrastructure assets to report ransomware payments within 72 hours or face a civil penalty. The new bill, if enacted, also bans default passwords and introduces other security standards for smart devices.
So what?
Australia's proposed cyber security bill could set a global precedent and encourage other countries to implement mandatory reporting requirements for ransomware payments.
[Researcher: Waithera Junghae]
2. Ukrainian hackers target Russian state broadcaster on Putin’s birthday
Ukrainian hackers have targeted Russian state broadcaster VGTRK on President Vladimir Putin’s 72nd birthday. VGTRK is Russia's main national and regional TV and radio station, which has been sanctioned by the EU, Canada and the UK since Russia's invasion of Ukraine.
So what?
Since the Russian invasion of Ukraine, attacks on media institutions from both sides have been part of the war arsenal and are not uncommon.
[Researcher: Lena Krummeich]
3. Comcast, CF Medical, and Truist Bank affected by ransomware attack on third party supplier
The US telecom giant Comcast, medical debt-purchasing company CF Medical and Truist Bank have revealed that cyber criminals stole the data of hundreds and thousands of their customers after a ransomware attack on their third party provider, Financial Business and Consumer Solutions (FBCS). FBCS initially said no Comcast data had been affected during the attack in February. Subsequent investigations revealed that 4.2 million individuals, including Comcast customers, had their data breached in the FBCS hack.
So what?
Organisations should ensure third parties have adequate security controls to protect their data. Additionally, trusted and reputable organisations should be used for incident response to ensure that the full impact of the incident can be identified.
[Researcher: Milda Petraityte]
4. Casio and ADT suffer repeat cyber attacks
Casio has confirmed that disruption to some of its services was caused by an unauthorised third party gaining access to its network. This comes a year after an attack on the company led to a data breach impacting customers from 148 countries. Separately, ADT has confirmed a second breach two months after compromised credentials were used to access the company’s infrastructure.
So what?
Conducting a comprehensive lessons learned session after a cyber security incident is essential to ensure resilience against future attacks.
[Researcher: David Broome]
5. Trinity ransomware emerges amid ongoing attacks on US critical infrastructure
The US Department of Health and Human Services has issued an advisory on the new threat actor group, Trinity, warning that the group poses a significant threat to the country’s healthcare sector.
Separately, the US water and sewage company American Water Works announced it experienced an unspecified cyber incident, prompting it to disconnect several systems and pause services as part of its containment strategy.
So what?
Threat actors are increasingly targeting critical infrastructure, making it essential for organisations in this sector to remain vigilant.
[Researcher: Aditya Ganjam Mahesh]
6. Microsoft and Ivanti release patches for actively exploited vulnerabilities
Microsoft has released patches for 117 security flaws in October's Patch Tuesday update. This includes three critical vulnerabilities and 42 remote code execution vulnerabilities. Ivanti has also released patches for three vulnerabilities in the Cloud Services Appliance that are actively being exploited by threat actors.
So what?
Organisations should keep their systems up to date with the latest Microsoft patches and update to version 5.0.2 if using Ivanti CSAs.
[Researcher: Aditya Ganjam Mahesh]