SWK Cybersecurity News Recap July 2022

A Look at Top Cybersecurity News from June – July 2022

June through July 2022 have been yet more eventful months for cybersecurity news, so this SWK recap will focus on the top stories that impact your business the most, including updates on the general state of security as of more than half through the year. New incidents, ransomware campaigns and bug notices add more weight to significant discussions around the nation’s cyber defenses, while events continue to flow overseas that could have lasting consequences on how the US approaches data security.

State of Cybersecurity in July 2022

2022 has continued the trend of relentless cyber attacks and seems to have added on a frequent stream of new bugs for good measure, with the biggest exploit in years seen with the Log4j error. Ransomware has not seemed to slow down either, with new strains and entire gangs appearing in the wild regularly.

Attacks and Malware in the Wild

June through July 2022 featured more recorded breaches than can be listed here, and in spite of a drop in the number of ransomware victims since attacks spiked tremendously in the First Quarter, several prolific perpetrators continue to take credit for almost daily extortions. Perhaps one piece of good news is that it seems as though the volume of ransoms may be starting to drop in favor of traditional malware; however, organizations still have to take care to protect against data theft in either case, as the remaining players are increasingly using double extortion techniques.

Here are some of the strains, gangs and attacks uncovered by researchers over the past two months:

• Lockbit surpasses Conti as the most active ransomware group in 2022
• Black Basta, thought to consist of former Conti & REvil members, claims over 50 victims in about 3 months
• A Magecart malware campaign stole info from 50,000 credit cards used for online food orders
• CloudMensis is caught using public cloud storage to infect macOS devices
• Researchers uncovered a new double extortion ransomware strain called Lilith
• The FBI warns healthcare and IT companies that the Maui strain is targeting their data
• Microsoft security researchers found the Hive ransomware imitating another strain to cover its tracks
• A RaaS (ransomware-as-a-service) operation releases a free strain called Redeemer
• CISA released an advisory on MedusaLocker exploiting RDP (remote desktop protocol) gaps
• The FBI issued an alert that cyber scammers have begun using deepfake applications to infiltrate IT companies
• An attack on debt collection agency Professional Finance Company exposes 1.9 million patient records
• SHI International of Somerset, NJ was shut down temporarily while responding to a malware infection

Bug Notices

Bugs are becoming as ubiquitous as cyber attacks, and CISA has released multiple alerts to patch several critical vulnerabilities, including a few found in broadly-used Microsoft products. The top cybersecurity news in this space, though, is still the Log4j flaw as CISA’s new Cyber Safety Review Board reported that its impact would be present for “years” (the good news, however, is that it has not been used for any major exploits).

Vulnerable Industries

The renewed national focus on network security is also bringing back to light the particular susceptibility of several industries to external attacks, specifically from gaps in technology as well as in cyber hygiene practices (as well as political concerns with telecoms and social media in China). This has impacted these sectors in different ways, between addressing growing individual cases of theft to trying to recoup billions of dollars from devastating losses, but it is bringing to the forefront the need for widespread information security across every market.

Here are some of the industries being singled out in the latest news for cybersecurity concerns:

• Education
• Healthcare
• Pharmaceuticals
• Financial Services
• Utilities
• Oil & Gas
• Medical Device Manufacturing
• Defense Contractors
• Cloud Services & Storage
• Federal Civilian Agencies
• Discrete Manufacturing

Impact of New Technology

Technology new and old have come under the microscope for their own security dilemmas, but with the former there is a constant fear that a lack of understanding and practice standardization will inherently lead to exposure. Even more contemporary solutions like the cloud and IoT seem to be facing renewed scrutiny as the pace of hygiene procedure adoption still lags behind the speed at which tools are implemented, and many organizations still struggle to consistently one to meet the other. Now, however, technologies like AI and quantum computing are being added to the conversation as both businesses and regulators try to get ahead of potential problems.

US Federal Cybersecurity News Updates

Just as 2022 has been a busy year for cybercriminals and nation-state hackers, it has also been a busy year for federal and local governments trying to contain the issues at hand while curbing emerging security developments. While some experts laud these initiatives, others claim they are not enough and more still needs to be done to ensure widespread cybersecurity at the national level.

Cyber Bills Passed

Hundreds of bills have been passed in the US at both the federal and state levels throughout 2022 that have either focused primarily on addressing a cybersecurity issue or have included provisions to address such concerns along with other stipulations. These include:

• Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) of 2022
• State and Local Government Cybersecurity Act of 2021
• Federal Rotational Cyber Workforce Program Act of 2021
• Better Cybercrimes Metric Act
• National Cybersecurity Preparedness Consortium Act of 2021
• Infrastructure Investment and Jobs Act
• National Defense Authorization Act (NDAA) for Fiscal Year 2022

Several more pieces of legislation are still being reviewed in the House, Senate, or between both chambers of Congress as they negotiate amendments to various provisions and language as of this writing. These include:

• Quantum Computing Cybersecurity Preparedness Act
• Healthcare Cybersecurity Act of 2022
• United States Innovation and Competition Act (USICA) of 2021
• Creating Helpful Incentives to Produce Semiconductors for America Act (CHIPS)

 

Biden’s Cybersecurity Focus

Several news outlets have reported that a document outlining the Biden administration’s cybersecurity strategy going forward is being drafted at the time of this writing, solidifying the direction the White House envisions for the nation’s security standards. Statements who claim to be close to the process as well as predictions from experts and a few officials not directly involved indicate the key theme will be encouraging greater coordination between business and the federal government on cyber incident response.

US Cyber Initiatives Going Forward

Besides the Biden administration, many other public officials as well as thought leaders in the private sector are pushing for greater visibility in reporting, among other initiatives aiming to improve (or catch up) the US’s cyber defense standards. Several agencies are also increasing regulatory controls as much as they are able, along with promoting more awareness and education among their constituents.

Nation-State Cyber War News

The ongoing cyber Cold War between mostly NATO, Russia and China is in large part driving a good portion of malicious activity as both nation-state and state-sponsored hackers (as much as that line can be clarified) keep up a momentum that spiked with the war in Ukraine. Besides spillover from the digital side of this conflict, pre-existing tensions as well as relationships within the cybercrime ecosystem are propelling a complex web of infiltration and exploitation campaigns.

Ukraine Invasion Updates

Despite the invasion being somewhat overshadowed in the recent news cycle by several major domestic issues stateside, the situation in Ukraine has remained mostly the same between June and July 2022, especially on the cybersecurity front. Ukrainian network security personnel – along with both local and overseas support – continue to respond to attacks that most likely originate from Russia or allied nations, though they have reported a noticeable increase in malware activity over the past few months.

North Korea in Spotlight

North Korea has been a frequent highlight in the news lately for a variety of different reasons, including a significant among of hacking activity. The conflict in Ukraine has given Kim Jong-un multiple opportunities to strengthen his relationship with Putin, which could easily include malware campaigns that would help provide desperately-needed revenue in addition to helping fulfill their ally Russia’s political goals.

Here are some of the top stories around recent suspect hacking attempts by North Korean operatives:

• The FBI, CISA and the US Treasury Department warn healthcare organizations about Maui ransomware targeting their industry
• Microsoft security researchers reported they found the H0lyGh0st ransomware targeting SMBs specifically
• Federal investigators warn cryptocurrency firms of infiltration and theft by North Korean agents
• The US Department of Justice announced they recovered $500K of Bitcoin from North Korean hackers who had extorted the money from two healthcare providers

More Russian Cyber Attacks

Despite Russian cyber warfare efforts in Ukraine falling below the apocalyptic-level predictions many had made previously, their security services have continued to make use of their hacking tools and strategies persistently. Though much of the malicious activity has centered on targets tied to the war in Ukraine, researchers have tracked suspected cyber spies effectively navigating through digital spaces – like cloud storage services – and still claiming victims across various industries with ransomware.

Get More Cybersecurity News Updates from 2022

Though the above includes many of the top stories from July’s cycle, there is still plenty more cybersecurity news from the rest of the month as well as from all of 2022 that could have an impact on your business. Talk to our expert consultants to learn more about the latest developments in infosec and what your company needs to do to keep your cyber defenses up to date.

Contact SWK here to get in touch with an expert and learn how to secure your data against the latest cyber threats.