This article has been updated for recent events as of February 28, 2022.
This Cybersecurity News Recap for January to February 2022 covers some of the top stories from the opening quarter of the new year. However, many of these retread old ground: existing cyber threats carried over from 2021 (and earlier) have often grown worse, while government and corporate regulators tighten controls in response. The situation has been exacerbated further by the tensions both preceding and resulting from the 2022 Russian invasion of Ukraine, which seems to be transforming into the first recorded conflict where cyber attacks are an integral part of the aggressor’s assault strategy.
NJ Attorney General Cracks Down on HIPAA Breaches
The New Jersey Attorney General’s Office was quite busy in 2021 handing out fines for HIPAA violations and PHI (personal health information) exposures, all stemming from data breaches and accidental leaks. Charges amounted to over $1 million for a fertility clinic, two third-party printing services and three cancer treatment centers, among others, for a variety of offenses that included internal security slip-ups and phishing attacks (some simultaneously). According to some legal experts, the last case is notable for NJ acting alone in enforcement as well as for the harshness of the punishment.
Microsoft Issues Phishing Warning to 365 Users
The Microsoft Security Intelligence team’s Twitter account posted a warning for Microsoft 365 and Office 365 users about a targeted phishing campaign using a third-party app that would trick users into granting OAuth permissions. This would give it access to “create inbox rules, read and write emails and calendar items, and read contacts,” according to the post. Thankfully, the Machine Learning-powered Microsoft Defender for Cloud Apps tool has flagged the app, although past victims may still be at risk.
Hospital Equipment Vulnerable to Hacking
In another blow to the healthcare industry’s already tenuous relationship with cybersecurity, a recent report revealed that over half of Internet-connected (i.e., cloud- and WiFi-capable) equipment in hospitals is vulnerable to being hacked. Some of the most popular medical devices – including infusion pumps and patient monitors – had widespread vulnerabilities across a majority of appliances. Besides creating a nightmare scenario in which a patient’s care could be interrupted or withheld, the most likely possibility is that attackers would be able to access records and other PHI to hold the hospital ransom.
Cyber Insurance Gets Stricter About Ransomware
While the growing proliferation of hackers has made cyber insurance a growing sector, there are increasing signs that the ransomware crisis is taking a toll even on this industry. Cyber insurance claims have steadily surged in many countries in recent years, and rates have risen alongside them. Now, several insurers have begun to impose stricter barriers to entry for prospective customers, including limiting the incidents that their plans cover.
NIST Releases Software Security & Labeling Guidance
In keeping with the Biden administration’s broad cybersecurity Executive Order from 2021, NIST (National Institute of Standards and Technology) released guidance for software security and consumer labeling best practices. This is intended to prompt federal agencies to gain a better understanding of their technology stack’s security posture, with the hope that these practices will gradually filter into the private sector.
The Formerly Facebook Metaverse & Cybersecurity
While Facebook’s brand transforms into Meta Platforms, Inc., the new entity is spearheading the creation of a “metaverse” that may soon be joined by Apple, Microsoft and Google. However, the creation of a tangible Metaverse is raising several questions around its cybersecurity implications, such as whether it could become a vehicle for phishing and fraud.
Report Finds US Still the Top Phishing Target
A study of phishing attacks in 2021 revealed that US-based organizations remain the top targets among hackers, with attack rates actually growing 43 percent from Q2 to Q3. The US was 7 points ahead of Spain and 9 points ahead of South Africa, the next most affected countries, and accounted for a third of the top 5 targeted nations.
Russia Invades Ukraine & Kicks Off First Cyber War in February 2022
On February 24, 2022, armed forces of the Russian Federation invaded Ukraine from multiple fronts, kicking off a conflict that had been building up over most of 2021 and that had been ongoing since at least 2014. As tensions reached the boiling point, the ground and sea invasion was accompanied by several cyber attacks targeting Ukrainian computer systems as well as those of neighboring states like Lithuania, which is a member state of NATO. However, part of the groundswell of international condemnation of Russia included a strong public stance by the hacktivist collective Anonymous, accompanied by a DDoS takedown of Russian news services.
Get More Cybersecurity News
SWK Technologies provides you with the latest news, updates, tips and tricks to help you improve your cybersecurity by keeping an eye out for modern cyber threats. Reach out to us and discover what you need to watch out for, and what you can do to better protect your business.
Contact SWK today to learn more about the latest cybersecurity news and how it affects your business.