Ransomware Setting Records: Top Cybersecurity News from the Week of March 27th
What’s in the paper for this week’s top cybersecurity news? Ransomware attacks have surged significantly as Q1 2023 comes to an end. At the same time, new groundbreaking developments are emerging in the field of AI.
Here are the most notable cybersecurity stories of the week:
US to help Costa Rica in Conti ransomware recovery
The United States government has pledged a sum of $25 million to the government of Costa Rica to support the country’s recovery from a devastating ransomware attack. Last year, the now-defunct Conti ransomware group launched an attack that crippled several key agencies, including the Ministry of Finance, the Ministry of Public Works and Transport, and the Costa Rican Social Security Fund. The attack was so severe that Costa Rica’s newly elected president, Rodrigo Chaves, declared a state of emergency in May 2022.
The Conti group openly called for the overthrow of the government and demanded a ransom of $20 million. To address the aftermath of the attack, the US government has committed to providing funding to support Costa Rica’s cybersecurity efforts. The move comes after a direct request from President Chaves, who has expressed concerns about the country’s ability to protect its networks and defend its critical infrastructure.
IBM file exchange vulnerability is leading to new ransomware threats
Security researchers have issued a warning that threat actors are taking advantage of a critical vulnerability in an IBM file exchange application to install ransomware on servers. The affected application, IBM Aspera Faspex, is used by large organisations to transfer large files or large volumes of files at high speeds.
According to IBM, the vulnerability affected versions 4.4.2 Patch Level 1 and earlier of the Aspera software and was disclosed in late January. The security flaw, known as CVE-2022-47986, enables unauthenticated attackers to remotely execute malicious code by sending specifically crafted calls to an outdated programming interface. IBM has urged users to install the latest update to patch the flaw.
The severity of the vulnerability and the ease with which it can be exploited has raised concerns among security experts. The flaw has been assigned a severity rating of 9.8 out of 10, indicating the high level of damage it can cause if exploited. Organisations using the Aspera software are advised to apply the necessary security updates immediately to protect their systems from potential attacks.
Fortra ransomware attack allegedly compromised children’s data
The impact of the Fortra ransomware attack has continued to spread as the hackers target a new victim, a virtual mental health care startup catering to children. The startup, Brightline, has confirmed that its data was stolen from the GoAnywhere file transfer tool, which is operated by its provider, Blue Shield of California. The data breach was disclosed to the Maine attorney general’s office.
According to a breach notification issued by Blue Shield of California, the personal data of over 63,000 patients may have been accessed and exfiltrated by the hackers, who are believed to be the Clop ransomware gang linked to Russia. The group claimed responsibility for breaching over a hundred organisations by exploiting an undisclosed security flaw.
Brightline was identified as a likely victim of the mass breach by TechCrunch last week. The startup offers virtual coaching and therapy services to children, making the breach particularly concerning. The breach notification confirms that sensitive patient data has been compromised, raising concerns about the potential misuse of the stolen information.
Microsoft launches AI chatbot for cybersecurity experts
Microsoft has unveiled a new chatbot designed to assist cybersecurity professionals in addressing critical issues and identifying solutions. The tool, called Microsoft Security Copilot, draws on GPT-4, a large language model from startup OpenAI, which Microsoft has invested billions in.
In addition, Microsoft has built a security-specific model using daily activity data it gathers, providing the system with knowledge of a customer’s security environment. The chatbot is part of Microsoft’s efforts to grow its cybersecurity business, which generated over $20 billion in revenue in 2022. Despite concerns about the accuracy of generative AI software, Microsoft remains committed to integrating artificial intelligence models into its products.
For more cybersecurity news, insights and analysis, follow Code Red on Twitter and LinkedIn.