SWK Cybersecurity News Recap August 2022

Check Out Some of the Top Cybersecurity News Stories in August 2022

August 2022 was yet another busy period in the cybersecurity news world, so this month’s recap from SWK Technologies will consolidate and cover the biggest trends to watch out for among the top stories. The most prevalent of these are the simultaneous rise of critical bugs being found along with attack reports, two factors which often go hand-in-hand. Additionally, the healthcare industry remains under increasing threat of cyber attack – enough for experts to beg the federal government to step in amidst a growing momentum of security-related legislation.

Here are some of the top cybersecurity news stories to watch from August 2022:

More Bugs, Breaches & Ransomware

The list of exploits, ransomware strains, and data breaches in the news continued to grow over the past month, with government agencies and researchers at several enterprises discovering multiple critical vulnerabilities in recent weeks. Here are some of the most noteworthy incidents so far:

• Google Cloud claims to have blocked one of the largest DDoS attacks in history
• Apple releases patches for two critical vulnerabilities found in multiple macOS devices
• Multiple SAP vulnerabilities that were previously patched were found with new exploits in the wild
• Twitter confirms 5.4 million accounts exposed during July breach
• CISA & the FBI warn the healthcare sector of Zeppelin ransomware
• Department of Health and Human Services (HHS) releases alert on Hive ransomware
• CISA releases alert on vulnerability in Philips e-Alert monitoring system
• NJ officials warn residents of spike in phone scams after Union Beach was impacted by a cyber attack
• Severe exploit found in VMware Workspace Access One
• CVE found in Unix version of UnRAR
• CVE found in Microsoft Windows Support Diagnostic Tool (MSDT) during August 2022 Patch Tuesday
• A report revealed that state-sponsored Russian hacker group Cozy Bear targeted Microsoft 365 users
• Researchers uncovered 10 unpatched vulnerabilities in Cisco firewalls
• Two critical vulnerabilities found in routers using NetModule Router Software (NRSW)
• Identity management firm Entrust confirms it was breached by a suspected ransomware gang
• Several attacks reported on Virtual Network Computing (VNC) systems
• Critical vulnerability found affecting devices using Realtek RTL819x

Healthcare in Cybersecurity Crisis

While healthcare organizations have made strides in increasing their preparedness against cyber attacks, they remain under constant threat by malicious actors, particularly ransomware gangs. Costs around breaches in this industry have been rising since even before the global pandemic began stretching resources across the entire market, and attackers know that their victims cannot afford to shut down operations for too long.

Congressmen Urge White House to Step In

The state of healthcare cybersecurity in the US has prompted two congressmen – Rep. Mike Gallagher (R-WI) and Sen. Angus King (I-ME) – to send an open letter to Health and Human Services (HHS) Secretary Becerra asking the White House to take greater action. Both men are former co-chairs of the Cyberspace Solarium Commission (CSC) and have been ardent proponents for improving security initiatives throughout the government sector. The latter called for the White House to direct the HHS to take a more proactive role in combating cyber risk, and enforcing information sharing and incident reporting within the industry.

Government Measures

Besides the healthcare crisis, there have been several other projects and proposals introduced across multiple levels of the government attempting to address cybersecurity. From federal to state initiatives, here are some of the top stories from August 2022:

• CISA releases an election cybersecurity toolkit for state and local governments
• Maggie Hassan (D. NH) introduces bill to grant funding to small business cybersecurity training centers
• Pennsylvania Governor Tom Wolf signs bill ordering state National Guard to aid in cybercrime fight
• The U.S Department of Energy (DOE) announced a $45 million cybersecurity program aimed at protecting the American electrical grid from cyber attacks
• US & Mexican security officials met to discuss bilateral objectives on addressing cyber issues jointly and in their respective nations

Cyber Incident Reporting

Cyber incident reporting and information sharing on bugs, malware strains and malicious activity observations have become critical topics of legislative discussions in the wake of high-profile attacks such as the SolarWinds and Colonial Pipeline breaches. While the momentum for more stringent reporting regulation is growing, there remains considerable pushback and occasionally confusion around the fine details involved. While Department of Homeland Security cyber agency CISA has effectively taken the reins ahead of other regulatory bodies, there have been accounts of missteps and perhaps a bit of desperate measures from the agency as they have navigated these largely unchartered waters.

Other Cybersecurity News

Here are some other top cybersecurity news stories from August 2022:

Russia-Ukraine as of August 2022

As the Russian invasion of Ukraine continues, observers have been able to put together a clearer picture of the cyber war that has accompanied the conflict on the ground, as well as attacks that have spilled over into other nations. The independent NGO CyberPeace Institute documented “more than 300 cyberattacks and operations tied to 51 threat actors affecting 27 countries,” with most involving information warfare or other attempts at disruption.

Cyber Insurance

While most cyber insurance providers are planning to continue offering their services in the face of a growing rate of cyber attack, many are trying to offset the challenges by enforcing stricter policy requirements. This includes carrier marketplace Lloyd’s, which has instructed member firms to “exclude liability for losses arising from any state-backed cyber attack” from their policies by March 2023.

Get More Updates from SWK

The cybersecurity situation continues to evolve in August 2022, but SWK Technologies will keep you updated on critical issues that could threaten your business and leave your data exposed. Get in touch with our experts today to learn more about the top stories in the news and what you can do to defend your systems and data.

Contact SWK here to get more updates from the top cybersecurity news out of the month and discover how to prepare against emerging cyber threats.