Another Year of Ransomware? Top Cybersecurity News of January 2023

2022 was a record-breaking year for cybersecurity, both in terms of positives and negatives. While we have seen groundbreaking technological advancements and major growth in security funding, industries have also experienced a record-breaking number of ransomware attacks and threats.

Heading into 2023, industry leaders predicted it would be another grim year for cybersecurity, as threat actors would continue to rain down on critical infrastructure and vulnerable industries with sophisticated attacks and more advanced persistent threats. Mid-way through January, those predictions couldn’t be clearer.

Here are some of the most notable cybersecurity news stories from the first two weeks of January:


Royal Mail crippled by Russian-backed ransomware 

On the 11th of January, Royal Mail revealed that it had been hit by a major “cyber incident”, which has disrupted its ability to carry out international deliveries. The ransomware has apparently encrypted multiple delivery dispatch and logging services of the company. 

The ransom note also stated that Royal Mail’s consumer and employee personal data were stolen, and the attackers are threatening to leak private information if ransom demands are not met.

An initial investigation has revealed that the infamous Russia-based LockBit gang is behind this attack. The same group was previously responsible for launching attacks on the NHS and stealing private information from 16 healthcare providers.

Royal Mail has issued a statement asking its customers not to submit any new parcels or items for international delivery. However, its imports and domestic services remain unaffected and operational. 


ChatGPT AI is being used to write malicious code 

ChatGPT was one of the biggest stories at the end of 2022, as users across the world were shocked by this open-source AI’s ability to generate unscripted dialogue and content about nearly any topic. From general blogs to programmable code, OpenAI’s new development can produce a fresh perspective on almost any digital knowledge.

However, like most other technological innovations, threat actors have already started misusing the tool for their own twisted gains. Several researchers and security experts have reported that ChatGPT is actively being used to design dark web landing pages, malicious code for malware development, and Java code skeletons for launching DDoS attacks.

A number of leading security providers such as WithSecure have released statements and reports about these malicious efforts and warned the industry about the dark side of this amusing chatbot AI. 


Hackers are using stolen bank information to trick users into downloading malware

A new malware campaign has been observed using sensitive information stolen from a bank as a lure in phishing emails to drop a remote access trojan called BitRAT.

The unknown adversary is believed to have hijacked the IT infrastructure of a Colombian cooperative bank, using the information to craft convincing decoy messages to lure victims into opening suspicious Excel attachments.

The discovery comes from cybersecurity firm Qualys, which found evidence of a database dump comprising 418,777 records that are said to have been obtained by exploiting SQL injection faults.


Threat actors are exploiting a critical vulnerability in Control Web Panel

Malicious actors are exploiting a critical vulnerability in unpatched versions of the Control Web Panel, a widely used interface for web hosting. Attackers are executing remote commands using this vulnerability to compromise potential devices and IP addresses across several regions. More details of the vulnerability can be found here.

For more insights and analysis, follow Code Red on Twitter and LinkedIn.

