What happened recently?
- Researchers from Qi’anxin Red Raindrops reported a cyberattack campaign, carried out by the Russia-backed Fancy Bear group, that used fake NATO training course materials to target NATO members and other related government agencies.
- A cybercriminal group posing as officials from the Texas Department of State Health Services sent out fake requests for quotes to vendors. The scammers even left a number that showed the Texas DSHS as the first result on the Google search page. The overall deal was worth hundreds of thousands of dollars.
What do the trends indicate?
- In mid-September, we learned about a ransomware attack at the Development Bank of Seychelles. However, neither the technical details of the ransomware nor whether the attackers exfiltrated any data was disclosed.
- Three ransomware attacks were reported in the second week: NetWalker ransomware rattled K-Electric, the only electricity provider for Karachi (Pakistan); BancoEstado, one of Chile’s biggest banks, shut down all its branches following a ransomware attack (allegedly by the REvil/Sodinokibi group); Conti ransomware operators published several documents of the Fourth District Court of Louisiana on their leak site as proof of the attack.
- At the beginning of this month, the NetWalker group targeted Dirección Nacional de Migraciones, the Argentinian immigration agency, forcing it to take its systems offline for four hours. Hackers reportedly raised the stakes from $2 million to $4 million (~355 Bitcoins) after a week’s delay in payment.
Top threats faced by critical facilities
Every industry or sector has its own shortcomings and limitations. However, at a surface level, some of the top concerns include rising challenges due to the emergence of IoT devices, unpatched vulnerabilities or poor visibility of them, and irregularities in offering cyber awareness programs.
Most of the attacks during the COVID-19 period are deemed to be critical in nature. From organizations in healthcare and education to the utility sector and e-commerce firms, cyber adversaries have left no sector untouched.