SAN MATEO, CA, December 12, 2022 — Cybersecurity news weekly roundup. Stories, news, politics, and events that impacted the network security industry last week. Brought to you by NetworkTigers.
- Rackspace suffers ransomware attack, urges users to beware of phishing efforts
- High-severity, currently unpatched IP phone flaw disclosed by Cisco
- No honor among thieves as cybercriminals scam each other out of millions in 2022
- Ransomware group Vice Society hit dozens of schools in 2022
- Amnesty International Canada branch spied on by Chinese hackers
- CISA to federal agencies: patch exploited Chrome bug by Dec 26th
- Russian hackers are launching cyberattacks via compromised Western networks
- BMC supply chain vulnerabilities found in dozens of servers
- French hospital delays operations due to cyberattack
Rackspace suffers ransomware attack, urges users to beware of phishing efforts
Cloud service provider Rackspace warned customers to be wary of phishing messages following a ransomware attack affecting its hosted Microsoft Exchange environment. The ransomware attack is still being investigated and has not yet been attributed to a threat actor or group. Rackspace has not yet disclosed what customer data may have been breached or exfiltrated in the incident but has stated that it will contact customers if they have been affected. Read more.
High-severity, currently unpatched IP phone flaw disclosed by Cisco
Cisco has disclosed a high-severity bug in its IP Phone 7800 and 8800 Series devices running firmware version 14.2 and earlier. The flaw, CVE-2022-20968, “is caused by insufficient input validation of received Cisco Discovery Protocol packets, which unauthenticated, adjacent attackers can exploit to trigger a stack overflow.” Because CDP is a layer-2 protocol, the attacker must be on the same network segment as the phone; a successful exploit can result in remote code execution or a denial of service on the device. A security update is not yet available, but Cisco has published a workaround: disable “the Cisco Discovery Protocol on affected IP Phone 7800 and 8800 Series devices that also support Link Layer Discovery Protocol (LLDP) for neighbor discovery.” Phones commonly rely on CDP or LLDP-MED to learn their voice VLAN and negotiate PoE, so confirm that LLDP is enabled on the upstream switch ports before turning CDP off. Read more.
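After applying the workaround, an administrator will want to verify that phones on the voice VLAN have actually stopped sending CDP and are announcing themselves over LLDP instead. The following is an added example, not code from Cisco or from the article: it classifies raw Ethernet frames (for instance, frames pulled from a capture on the voice VLAN) as CDP, LLDP or other, and lists the source MACs that still emit CDP. The frames, MAC addresses and device IDs below are constructed for the example.

```python
"""
Added example: classify Ethernet frames as CDP, LLDP or other and report
which sources still send CDP. Frame layouts follow the public protocol
formats; the capture contents here are constructed, not a real trace.
"""
import struct
from collections import Counter

CDP_DST_MAC = bytes.fromhex("01000ccccccc")            # Cisco multicast used by CDP
LLDP_DST_MAC = bytes.fromhex("0180c200000e")           # IEEE nearest-bridge multicast
SNAP_CDP = bytes.fromhex("aaaa03" "00000c" "2000")     # LLC/SNAP header: OUI 00:00:0C, PID 0x2000
ETHERTYPE_LLDP = 0x88CC


def classify_frame(frame: bytes) -> str:
    """Return 'CDP', 'LLDP' or 'other' for one raw Ethernet frame."""
    if len(frame) < 14:
        return "other"
    dst = frame[:6]
    type_or_len = struct.unpack("!H", frame[12:14])[0]
    if dst == LLDP_DST_MAC and type_or_len == ETHERTYPE_LLDP:
        return "LLDP"
    # CDP is 802.3-framed: a length field (<= 1500) followed by LLC/SNAP.
    if dst == CDP_DST_MAC and type_or_len <= 1500 and frame[14:22] == SNAP_CDP:
        return "CDP"
    return "other"


def cdp_talkers(frames) -> dict:
    """Map source MAC -> number of CDP frames it sent; empty when CDP is off."""
    counts = Counter()
    for f in frames:
        if classify_frame(f) == "CDP":
            counts[f[6:12].hex(":")] += 1
    return dict(counts)


# --- constructed sample frames (hypothetical phones, not real captures) ---
def build_cdp_frame(src: bytes, device_id: bytes) -> bytes:
    """Minimal CDPv2 frame carrying a single Device ID TLV (type 0x0001)."""
    tlv = struct.pack("!HH", 0x0001, 4 + len(device_id)) + device_id
    cdp = struct.pack("!BBH", 2, 180, 0) + tlv          # version 2, TTL 180, checksum left 0
    payload = SNAP_CDP + cdp
    return CDP_DST_MAC + src + struct.pack("!H", len(payload)) + payload


def build_lldp_frame(src: bytes) -> bytes:
    """Minimal LLDP frame: Chassis ID TLV (MAC subtype) followed by End TLV."""
    chassis = struct.pack("!H", (1 << 9) | 7) + b"\x04" + src
    end = b"\x00\x00"
    return LLDP_DST_MAC + src + struct.pack("!H", ETHERTYPE_LLDP) + chassis + end


PHONE_A = bytes.fromhex("001122334455")   # constructed: still running with CDP on
PHONE_B = bytes.fromhex("66778899aabb")   # constructed: CDP disabled, LLDP only
CAPTURE = [
    build_cdp_frame(PHONE_A, b"SEP001122334455"),
    build_lldp_frame(PHONE_B),
    build_lldp_frame(PHONE_A),
]

if __name__ == "__main__":
    for mac, n in cdp_talkers(CAPTURE).items():
        print(f"{mac} still sends CDP ({n} frame(s)); workaround not applied")
```

On a real network, feed `cdp_talkers` the raw frames from a capture on the phone VLAN (CDP is multicast, so a span port or a capture on the switch's uplink sees every phone's announcements). Any MAC listed still needs the CDP setting changed, or the change has not been pushed to that device yet.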
No honor among thieves as cybercriminals scam each other out of millions in 2022
According to a report from Sophos, a thriving submarket exists in which cybercriminals target one another to steal funds, gain clout or exact revenge on those they dislike. The problem has become severe enough that hacker forums now run arbitration rooms dedicated to resolving such disputes. Across just three forums, Exploit, XSS and BreachForums, Sophos observed criminals losing $2.5 million to scammers over the last 12 months. Watching this infighting lets researchers learn more about the criminals' strategies, operations and opinions of one another, since flaring tempers make them less careful about discretion and secrecy. Read more.
Ransomware group Vice Society hit dozens of schools in 2022
Vice Society, described by Palo Alto Networks Unit 42 as one of the “most impactful ransomware gangs of 2022,” has been found to have targeted 33 educational institutions in 2022. While the gang also attacks government, retail, legal and manufacturing organizations, lax security at schools appears to make them its preferred target. Unlike many other gangs, Vice Society does not use proprietary ransomware, relying instead on HelloKitty and Zeppelin, which are available for download on hacker forums. In some cases it skips ransomware altogether in favor of pure extortion. Read more.
Amnesty International Canada branch spied on by Chinese hackers
In early October, Amnesty International’s Canada branch experienced a breach that the organization says likely originated from China, as it bears the hallmarks of activity associated with Chinese state-sponsored actors. No member or donor data has been found to have been exfiltrated, leading the organization to believe that the intrusion was carried out for espionage. Amnesty International regularly reports on the Chinese government’s human rights abuses. Read more.
CISA to federal agencies: patch exploited Chrome bug by Dec 26th
Russian hackers are launching cyberattacks via compromised Western networks
Scottish security firm Lupovis, which ran a covert operation using decoy systems to attract and study Russian threat actors, reports that it observed them using Western networks they had already compromised as launch points for cyberattacks against Ukraine. Compromised organizations were found in the US, the UK, Brazil and South Africa, including Fortune 500 companies, healthcare providers and even a dam monitoring system. The hackers involved are believed to be criminals rather than state-sponsored actors. Read more.
BMC supply chain vulnerabilities found in dozens of servers
According to findings from firmware and hardware security company Eclypsium, three new flaws in American Megatrends’ MegaRAC Baseboard Management Controller software could allow an attacker to achieve remote code execution on the BMC. The most severe, CVE-2022-40259, is a particular threat to cloud infrastructure because it can be exploited by anyone who can reach a remote management interface such as Redfish; BMC interfaces should therefore be confined to an isolated management network. CVE-2022-40242 can be exploited to gain an administrative shell on the controller, and CVE-2022-2827 is a bug in the password reset feature that lets an attacker determine whether specific user names exist, feeding credential-guessing attacks. Read more.
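The password-reset weakness behind CVE-2022-2827 is a general pattern worth seeing in code: a reset handler that answers differently for known and unknown usernames hands an attacker a user-enumeration oracle. The following is an added example, not Eclypsium’s or AMI’s code and not MegaRAC’s implementation; it shows a leaky handler beside a hardened one that returns the same response either way, plus the probe a tester would use to tell them apart. The user store, addresses and mail outbox are constructed for the example.

```python
"""
Added example: password-reset user enumeration, vulnerable vs. hardened.
USERS is a constructed account table, not real data.
"""
import secrets

USERS = {"admin": "admin@example.test", "operator": "ops@example.test"}  # constructed


def vulnerable_reset(username: str, outbox: list) -> dict:
    """Leaks account existence: status and message differ for unknown users."""
    if username not in USERS:
        return {"status": 404, "message": "No such user"}
    token = secrets.token_urlsafe(16)
    outbox.append((USERS[username], token))
    return {"status": 200, "message": f"Reset link sent to {USERS[username]}"}


def hardened_reset(username: str, outbox: list) -> dict:
    """Uniform response: same status, same message, similar work, whether or
    not the account exists. The mail is only sent when the user is real."""
    target = USERS.get(username)
    token = secrets.token_urlsafe(16)      # generated on every path to keep timing similar
    if target is not None:
        outbox.append((target, token))
    return {"status": 200, "message": "If that account exists, a reset link has been sent."}


def is_enumeration_oracle(handler, known: str, unknown: str) -> bool:
    """Tester's probe: True if the handler's visible response distinguishes
    a known username from an unknown one."""
    known_resp = handler(known, [])
    unknown_resp = handler(unknown, [])
    return (known_resp["status"], known_resp["message"]) != (
        unknown_resp["status"], unknown_resp["message"])


if __name__ == "__main__":
    for name, handler in (("vulnerable", vulnerable_reset), ("hardened", hardened_reset)):
        leaks = is_enumeration_oracle(handler, "admin", "nobody")
        print(f"{name}: {'leaks account existence' if leaks else 'uniform response'}")
```

A uniform message and status closes the direct oracle; in practice the reset endpoint also needs rate limiting and equivalent response timing, since an attacker who cannot read the answer from the body may still read it from how long the request took.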
French hospital delays operations due to cyberattack
After suffering what experts say bears the hallmarks of a ransomware attack, the André-Mignot hospital in the Parisian suburb of Versailles has been forced to halt scheduled surgeries and relocate patients to other facilities. This is the third in a series of attacks on French hospitals in recent months, one of which was carried out by LockBit. In that attack, the hackers stole and leaked sensitive patient information as part of their extortion efforts. Read more.