Skip to main content
search
BlogCybersecurityIT Services

SWK Cybersecurity News Recap October 2022

By October 21, 2022No Comments

swk-cybersecurity-news-october-2022-updates-awareness-month-reading

This Cybersecurity news recap for October 2022 will dive into a few more varied topics than previous months’ focus on high-profile data beaches. While there are still plenty of cyber incidents to cover over the start of Q4, the past month proved (and continues to prove as of this writing) to be more give-and-take when it comes to cyber news. While there remain plenty of reasons to be pessimistic about the significant amount of bad news this cycle, there is still room to be optimistic on the ability of the private and public sectors to adapt and respond to the growing cyber crisis, and improve upon these efforts.

Continue reading below to see some of the top cybersecurity news topics from October 2022 and how they may affect your business:

October is Cybersecurity Awareness Month

Since 2004, the White House has designated every October as Cybersecurity Awareness Month, in which the Cybersecurity and Infrastructure Security Agency (CISA) and other organizations provide education and resources promoting better cyber hygiene and network security. A lot of the information delivered via public channels is typically inundated with only basic tips and pitches, but CISA offered a significant amount of materials and guidance to both individuals and businesses. The Biden administration also took advantage of the month to quantify and reaffirm its continued focus on nationwide cybersecurity improvements (more on this below).

Recap of Government Cybersecurity Efforts in October 2022

Since even before Biden’s May 2021 Executive Order on improving security standards in the public sector, the current White House has maintained a steady momentum in steering legislation and partnerships towards building a better cybersecurity net across the US. This has culminated in many proposals and agreements brought up for negotiation even while new directives are rolled out from the White House.

Airport Hack & New TSA Rules

A coordinated series of cyber attacks against multiple US airports prompted the TSA to impose stricter cybersecurity requirements for key aviation systems within only days. Though most of the victims recovered systems shortly (some within minutes), the speed of the regulatory response itself seems unprecedented, and was followed shortly by similar rule updates for critical rail systems. With the Biden administration also promising the arrival of new security standards for healthcare and other infrastructure sectors, businesses in these and similar industries should expect stricter compliance obligations in 2023.

National Cybersecurity Strategy

The White House released preliminary documentation for its national cybersecurity strategy in October 2022, the first publication of its kind since 2018, and which will be followed up by a finalized release by National Cyber Director Chris Inglis. The Director responded to rumors of the expanded role the federal government will be granted over private sector security standards by this final document, defending the perceived “toughness” of the new rules. At the same conference where he was questioned on the strategy, Inglis also expressed new optimism in the country’s direction for cybersecurity, citing Ukraine’s response to cyber attacks as a proof-of-concept for best practice.

airport-hack-cyber-attack-october-2022-russia-killnet-ukraine

Vulnerability Updates as of October 2022

October 2022 was another month of critical vulnerabilities being uncovered across key systems, exploits found being used in the wild, or vendors rushing to patch bugs.

Microsoft

Microsoft did not have the best month for cybersecurity, with several vulnerabilities and a potential breach uncovered recently (more on this below). Most of the critical vulnerabilities were discovered during a regular “Patch Tuesday” and were ostensibly being addressed by Microsoft; however, Ars Technica discovered an ever bigger flaw hidden in Windows OS for years. The bug essentially would let hackers get past a blocklist for external drivers and use it to download malware that give them greater control over more secure parts of the system – a technique that has been deployed in the real world by some of the most notorious ransomware strains.

Vulnerabilities List

Other vulnerabilities or exploits discovered in October 2022 include:

Data Breaches & Exposures Continue into Q4

While there may be slightly less headline-dominating breaches as the Uber and Optus hacks this news cycle, there were still plenty of noteworthy incidents impacting a wide range of organizations, including:

Breach Penalties & Lawsuits (+ Criminal Charges)

Besides more recent breaches, quite a few past exposures are appearing in the news again for penalties and lawsuits brought against companies that were accused of failing to notify customers their data was compromised in time (or at all). In at least one high-profile story as well, an executive was convicted of criminal charges for failure to report on a breach, along with a few other arrests of hackers and even a resignation over cybersecurity rule breakage.

Here are some of the more noteworthy case headlines:

Other Cyber News Stories

Here are some of the other cybersecurity news stories from October 2022:

Open Phishing Toolkit for Microsoft 365

A Phishing-as-a-Service (PhaaS) platform dubbed “Caffeine” specifically targeting Microsoft 365 accounts was discovered this year in the wild, and research on its capabilities and background confirm that it is effective at producing a spoofed Microsoft login page while avoiding detection. What is more concerning, however, is that it is relatively easier to access than other PhaaS toolkits for amateur cybercriminals who only need to sign up and pay a subscription instead of being vetted. The good news is that it seems to be mostly focused on victims in Russia and China currently, but there remains a possibility it could be modified for US targets in the future.

Russia & Ukraine

The conflict over the Russian invasion of Ukraine earlier this year continues to spill over both locally and internationally, with cyber attacks such as the previously mentioned campaign against US airports being claimed by or attributed to pro-Russia hackers. Here are of some of the top cyber stories around the war and its impact:

Cybersecurity for Gen Z & Millennials

A survey by Ernst & Young LLP (EY) revealed that employees from the digital native generations – “Gen Z” and “Millennials” – are more likely to disregard best practices and corporate guidelines for IT security, including when using work devices. The study’s results highlighted both an increased level of complacency among those who were more exposed to cyber risk growing up, and a failure of current cyber policies to match human behavior and make education personable.

Google Privacy Concerns & Response

The Texas Attorney General has filed a lawsuit against Google for the second time in 2022 over privacy concerns, riding a wave of increased scrutiny against tech giants and the data they collect. While Google has called the Texas AG’s suite “breathless,” it has taken note of these concerns among it user base in the US and seeks to address them with updated and new services such as My Ads Center that ostensibly introduced new data security controls.

Get More Cybersecurity News from SWK

2022 has been a heavy year for cybersecurity news and it can be difficult to wade through all the noise to uncover developments that could impact your business the most. Get in touch with SWK Technologies and we will help you sort through the chaos to narrow down the most important updates and changes that will affect how and where you need to protect your critical data.

Contact SWK today to get more specific cybersecurity updates and discover what you need to do to ensure you are protected against the latest threats.

Get in Touch with Our Cybersecurity Experts

Close Menu
SWK Technologies