Weekly News Roundup February 14-18, 2022


Posted on by Kacy Zurkus

Every once in a while, cybersecurity makes its way into the mainstream media, which can be unnerving. So, dear reader, it gave me pause earlier this week when news about Prince Charles and Camilla was sandwiched right between #cyberattack and #malware in the “What’s Happening” section of my Twitter page.

Turns out some of the buzz was in response to a joint advisory issued by the FBI and the US Secret Service on February 11, 2022, which warned that “BlackByte ransomware had compromised multiple US and foreign businesses, including entities in at least three US critical infrastructure sectors.” Days later, the San Francisco 49ers made headlines, not because of the Super Bowl but because the same hacking group had infiltrated the team’s servers.

Other industry news creating this stir on social had to do with PCI SSC and the National Cybersecurity Alliance issuing a joint bulletin warning about the rising threat of ransomware attacks. Then Google confirmed it released an updated version of its Chrome patches, fixing eight security vulnerabilities, one of which was a zero-day being exploited in the wild. The malware hashtag seemed to be in response to research released by Proofpoint suggesting that threat actors dubbed TA2541 were targeting aviation, aerospace, transportation, manufacturing, and defense industries. Alas, by close of business on Tuesday, the world felt normal once again with the engagement of Simone Biles and Jonathan Owens trending strongly on social.

Though they didn’t elevate to trending status, the FBI and CISA issued several warnings throughout the week, ranging from concerns about BEC attacks on virtual meeting platforms to protecting cleared defense contractor networks from Russian state-sponsored attacks.

Indeed, there was a lot more industry news that made headlines this week. Here’s a rundown of some of the top cybersecurity stories you might have missed.

Feb. 18: The lack of follow-through with offboarding procedures during the “Great Resignation” has reportedly left companies vulnerable to security risks.

Feb. 18: Business Insider reported, “The US Justice Department this week announced the launch of the National Cryptocurrency Enforcement Team to combat the criminal use of digital assets.”

Feb. 17: Malicious actors compromised Microsoft Teams and used the chat feature to distribute malware, according to security researchers at Avanan.

Feb. 17: Security researchers at Imperva said they halted “the largest bot attack they’ve ever seen.”

Feb. 16: Krebs on Security reported, “The email address used by a cybercriminal actor who offered to sell the stolen [International Committee for the Red Cross] ICRC data also was used to register multiple domain names the FBI says are tied to a sprawling media influence operation originating from Iran.”

Feb. 16: In a Wall Street Journal Opinion piece, authors Graham Allison and Eric Schmidt asserted that America’s 5G mobile speed is “abysmal,” falling far behind other nations, including China.

Feb. 16: According to a Forbes report, “Waymo, Alphabet Inc.’s autonomous driving unit, is expanding its ties to the freight-hauling industry by teaming up with C.H. Robinson, North America’s biggest freight-booking platform, as part of its efforts to get its robotic truck technology on the road and hauling goods for commercial customers.”

Feb. 15: WIRED reported, “CISA may be on the front lines of any escalation by Russia that ripple all the way to the US homeland.”

Feb. 15: A lawsuit alleging that Facebook had violated federal and state privacy laws culminated in a preliminary settlement that “requires Facebook to delete data it collected improperly” and pay $90 million.

Feb. 14: Japanese sports equipment and sportswear brand Mizuno suffered a ransomware attack believed to have been targeting the company’s US corporate network.

Feb. 14: “Hackers have stolen roughly $1.9 million from South Korean cryptocurrency platform KLAYswap after they pulled off a rare and clever BGP hijack against the server infrastructure of one of the platform’s providers,” The Record reported.

Feb. 14: A former Mesa Country clerk in Colorado, Tina Peters, who was stripped of her county election duties for promoting false information and allegedly breaching the security of voting machines, announced she is running for Colorado’s Secretary of State, the top elections official.

Contributors
Kacy Zurkus

Content Strategist, RSA Conference

RSAC Insights

artificial intelligence artificial intelligence & machine learning botnets critical infrastructure cyberattacks cyber warfare & cyber weapons disinformation campaigns/fake news patch vulnerability & configuration management zero day vulnerability ransomware persistence mobile security privacy

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.


Share With Your Community