CNI Threats: Top Cybersecurity News From February 2023
Heading into the second month of 2023, the world of cybersecurity is facing a new have of CNI (Critical National Infrastructure) threats. We have seen a concerning number of state-sponsored threats in the first week of February, posing significant risks to several government and public-service organisations.
Here are the top security incidents from the first week of February 2023:
Russian-linked cybercriminals target the British financial system
Earlier this week, a critical ransomware attack was reported on a trading enterprise critical to the British financial system. As a result, most trading operations in the City of London have been disrupted since Tuesday. Reports suggest that the Russian state-backed LockBit group was behind the attack.
The incident, which was originally reported on Tuesday, affected 42 of ION Trading UK’s customers. Many European and American banks and brokers were compelled to handle trading deals manually.
According to affected brokers, the disruption is affecting crucial operations such as margin calls and regulatory reporting on major market positions. The software used by the targeted firm executes derivatives deals in the stock, bond and commodities markets.
US nuclear sites face major espionage threats
The Pentagon has reported major state-sponsored threats to the US nuclear facilities. According to recent reports, a Chinese spy balloon was detected over Montana, which is the site of several nuclear missile silos.
A Pentagon spokesman, Brig. Gen. Patrick Ryder, said that “the U.S. government acted immediately to prevent the collection of sensitive information” once it spotted the balloon. US intelligence reports have also suggested that similar balloons were previously detected over Guam and Hawaii, which are also critical locations for US military assets.
CISA detects major vulnerabilities in Oracle E-Business Suite
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has reported two new vulnerabilities in Oracle web applications. According to its reports, these vulnerabilities are being actively exploited by threat actors.
The first of the two vulnerabilities is CVE-2022-21587 (CVSS score: 9.8), a critical issue impacting versions 12.2.3 to 12.2.11 of the Oracle Web Applications Desktop Integrator product.
“Oracle E-Business Suite contains an unspecified vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator,” CISA said.
Vice Media discloses major data breach
Vice Media disclosed that the company had suffered a major cyberattack on its networks on March 2022. The breach affected the financial and personal information of over 1,700 individuals.
The company had appointed a third-party security firm for investigation. According to the reports, the attackers gained access through a compromised internal email account. Despite the criticisms, the company did not comment on why it took almost a year to report the incident.
For more insights and analysis, follow Code Red on Twitter and LinkedIn.