AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 07/13/2023

Financial Industry Faces Soaring Ransomware Threat 

The financial industry has been facing a surge in ransomware attacks over the past few years, said cybersecurity provider SOCRadar in a threat analysis post published on July 12, 2023. This trend started in the first half of 2021, when Trend Micro saw a staggering 1318% increase in ransomware attacks targeting banks and financial institutions compared to the same period in 2020. Sophos also found that over half (55%) of financial service firms fell victim to at least one ransomware attack in 2021, a 62% increase from 2020. Although such large numbers have not yet been observed for the past two years, the increase continues, SOCRadar said. The data gathered by the outsourced security operation center (SOC) provider showed that the financial industry was the seventh most targeted sector by ransomware actors in the first half of 2023. The industry has already suffered more attacks in six months than in 2022. 


White House Urged to Quickly Nominate National Cyber Director 

In a letter addressed to the White House Chief of Staff, the Cybersecurity Coalition urged the Biden administration to nominate a new National Cyber Director (NCD) before the end of July. The missive cited concerns over the “ever-changing and increasingly complex cyber landscape” as the driving force behind ensuring the role was filled quickly. The letter noted the nomination of the position presents a “critical opportunity” for the administration to cement the significance of the Office of the National Cyber Director (ONCD), which was established under the guidance of Chris Inglis, the former director. 


Tax preparers that shared private data with Meta, Google could be fined billions 

Yesterday, Congress members revealed the results of a seven-month investigation into tax-filing companies. Lawmakers found that H&R Block, TaxAct, and TaxSlayer “recklessly shared” potentially hundreds of millions of taxpayers’ sensitive personal and financial data with Google and Meta “for years” in apparent violation of laws prohibiting tax preparers from sharing tax return information without customers’ consent. In a press release provided to Ars from the office of Senator Elizabeth Warren (D-Mass.), lawmakers alleged a “massive, likely illegal breach of taxpayer privacy.” Insisting upon urgent redress, lawmakers are now calling upon the Department of Justice, the Internal Revenue Service (IRS), the Federal Trade Commission, and the Treasury Inspector General for Tax Administration to “fully investigate this matter and prosecute any company or individuals who violated the law.” 


NSA, Cyber Command nominee says Section 702 is ‘irreplaceable,’ weighs in on other topics 

The Biden administration’s nominee to lead U.S. Cyber Command and the NSA offered his first public insights on controversial surveillance programs, encryption and other hot-button cybersecurity issues. Senators on both sides of the aisle repeatedly asked Haugh for his opinion on an expiring surveillance law the administration is campaigning to renew. The law, Section 702 of the Foreign Intelligence Surveillance Act, protects the U.S. from foreign-based cyberattacks and yields intelligence to address an array of national security threats. “In my experience it’s absolutely essential,” Haugh said. “It is extensively used and it is an irreplaceable authority for the intelligence community.”


Clop Crime Group Adds 62 Ernst & Young Clients to Leak Sites 

The list of MOVEit cyberattack victims has grown. Sixty-two clients of Big Four accounting firm Ernst & Young now appear on the Clop ransomware group’s data leak sites. The Clop ransomware group’s supply chain attack on the popular MOVEit file transfer software leaked 3 terabytes of critical information about Ernst & Young clients, including financial reports and accounting documents in client folders, passport scans, Visa scans, risk and asset management documents, contracts and agreements, credit agreements, audit reports and account balances.


APT Exploit Targeting Rockwell Automation Flaws Threatens Critical Infrastructure 

An unnamed advanced persistent threat (APT) group has set its sights on two Rockwell Automation product vulnerabilities that it could use to cause disruption or destruction in critical infrastructure organizations. According to its advisory (only accessible to registered users), Rockwell has worked with the US government to analyze what it describes as a new exploit capability leveraging vulnerabilities in ControlLogix EtherNet/IP communication modules. Specifically, 1756 EN2 and 1756 EN3 products are impacted by CVE-2023-3595, a critical flaw that can allow an attacker to achieve remote code execution with persistence on the targeted system by using specially crafted Common Industrial Protocol (CIP) messages. A threat actor could exploit the vulnerability to modify, block or exfiltrate data passing through a device.
