WEEK OF JANUARY 31, 2022
Data Privacy Day 2022: Prioritising data security and privacy need of the hour, say experts and enterprises
- As we celebrate Data Privacy Day on January 28, leading enterprises and experts highlight the need to prioritise data privacy.
- Toward the end of 2021, cyber attacks against corporate networks increased by a staggering 50 per cent as compared to 2020 with the education and research sector being the hardest hit, averaging 1,605 attacks per week.
- Government organisations, communications companies and internet service providers were a close second, according to Israeli cybersecurity firm Check Point Research.
Healthcare industry most common victim of third-party breaches last year
- Ransomware was the most common attack method behind third-party breaches in 2021, initiating more than one out of four incidents analyzed.
- Despite immense cybersecurity improvements following the onset of the COVID-19 pandemic, the healthcare industry was the most common victim of attacks caused by third parties, accounting for 33% of incidents last year.
- With its rich and diverse personally identifiable information (PII) data, the government sector accounted for 14% of third-party attacks in 2021.
- Attackers were able to infiltrate networks and steal data through a variety of methods, including exploiting weak passwords and access controls to gain unauthorized network access. Insecure external-facing servers and databases also provided easy access to valuable data.
French Ministry of Justice targeted in ransomware attack
- Cybercriminals claim to have breached systems belonging to France’s Ministry of Justice and they are threatening to make public the files stolen from the government organization.
- Threat actors who are using the ransomware named LockBit 2.0 have posted a message on their Tor-based leak website claiming to have stolen files from the Ministry of Justice’s systems.
- “The French Ministry of Justice is aware of the alert and has immediately taken actions to proceed to the needed verifications, in collaboration with the competent services in this field,” the statement reads.
- The hackers state on their website that an unspecified amount of stolen data will be made public in two weeks from now, on February 10.
FBI warns of hacker attacks conducted by Iranian cyber firm
- The FBI this week issued a private industry notification to warn organizations about the malicious activities conducted by an Iranian cyber company named Emennet Pasargad.
- The agency has described the company's tactics, techniques and procedures (TTPs) and has shared several recommendations for preventing and detecting attacks.
- In November 2021, the U.S. Treasury Department announced sanctions against six Iranian nationals and a company involved in a campaign whose goal was to influence the 2020 presidential election.
- The company in question is Emennet Pasargad, previously known as Eeleyanet Gostar and Net Peygard Samavat — the company has regularly rebranded to evade U.S. sanctions. Emennet has provided cybersecurity services within Iran, including to government organizations.
North Korea loses internet in suspected cyber-attack
- North Korea has experienced an internet outage that may have been caused by a cyber-attack.
- The country lost internet access for approximately six hours on Wednesday morning local time. The incident was the second outage to hit North Korea in the past two weeks.
- Junade Ali, a cybersecurity researcher who monitors various North Korean web and email servers from a location in Britain, told Reuters that the latest outage could have resulted from a distributed denial-of-service (DDoS) attack.
- Within a few hours of the suspected DDoS attack, servers supporting email were back up and running. However, disruption and downtime continued to impact individual web servers of institutions, including North Korea’s ministry of foreign affairs, the Air Koryo airline, and Naenara – the official portal for the North Korean government.
Linux bug in all major distros: ‘An attacker’s dream come true’
- The 12-year-old flaw in the sudo-like Polkit’s pkexec tool, found in all major Linux distributions, is likely to be exploited in the wild within days.
- Every major Linux distribution has an easily exploited memory-corruption bug that’s been lurking for 12 years – a stunning revelation that’s likely to be followed soon by in-the-wild exploits, researchers warn.
- The vulnerability – tracked as CVE-2021-4034, with a CVSS criticality score of 7.8 – is found in Polkit’s pkexec function.
- Polkit (formerly PolicyKit) provides an organized way for non-privileged processes to communicate with privileged processes, Qualys explained, and can be used to execute commands with elevated privileges using the command pkexec, followed by the command intended to be executed (with root permission).