Top news stories this week
- Winter is coming. Microsoft warns of new winter Russian cyber offensive against Western targets.
- Rackspace hack. Ransomware attack at major cloud computing provider leads to service outages.
- Weaponising AI? OpenAI’s new GPT-3 chatbot demonstrates malicious capabilities.
- Incident reporting. Swiss government proposes duty to report attacks on critical infrastructure.
- Healthcare under fire. Hospitals in France and India crippled by separate cyber-attacks.
- Mind your macros. Hackers target cryptocurrency firms with malicious macro-embedded files.
Don't miss our deep dive on EvilProxy.
1. Russian winter cyber offensive?
Microsoft has released a global warning to be prepared for an uptick in Russian cyber-attacks this winter following battlefield losses in Ukraine. Separately, the Netherlands’ National Coordinator for Security and Counterterrorism has urged its citizens to prepare survival kits in case critical infrastructure is compromised. NATO also held its annual Cyber Coalition exercise in Estonia this week to model attack scenarios.
Disaster management and recovery plans should consider scenarios where critical national infrastructure is impacted as a result of a cyber-attack.
2. Exchange outage after cloud provider Rackspace hit by ransomware
Texas-based cloud computing provider Rackspace has confirmed that a ransomware attack last Friday (2 December) led to an extended outage of its Hosted Exchange email servers. The company has received backlash from customers on social media, with frustrations stemming from a lack of communication over the weekend and difficulties migrating to Microsoft 365, a solution offered by Rackspace to restore services.
The immediate aftermath of an incident is confusing, but there is a need for clear, direct, and timely communication with customers to avoid reputational fallout. Incident response should take public communications into account.
3. ChatGPT release hints at potential impact of AI on cyber security
Researchers have been exploring the security implications of OpenAI’s powerful new artificial intelligence chatbot ChatGPT, which was launched last week. In one case, the tool was able to identify and exploit vulnerabilities in a piece of code. Additionally, the AI can be used to generate highly convincing phishing emails.
Artificial intelligence is set to revolutionise the way we work. It could be leveraged to enhance security, but it is a powerful dual-use technology which can be weaponised by malware developers and other cyber criminals.
4. Swiss government proposes mandatory duty to report cyber-attacks
The Swiss government has proposed a mandatory requirement for critical infrastructure providers to report cyber-attacks to the National Cyber Security Centre. The proposed amendment to existing legislation is designed to provide more visibility on cyber crime.
It is important to stay up to date with changes to legislative and regulatory frameworks that may impose obligations and constraints on the victims of cyber-attacks.
5. Healthcare sector under fire
The Centre Hospitalier de Versailles on the outskirts of Paris was forced to cancel operations after a major cyber-attack. The hospital transferred critical patients to other facilities and services were suspended. Separately, India’s leading state hospital has recovered its systems following a two-week disruption due to an intrusion from an unidentified threat actor.
Healthcare organisations make attractive targets due to chronic underinvestment in cyber security. They must remain vigilant and have robust security measures in place to protect their systems and the people they serve.
6. Hackers target cryptocurrency firms
Cryptocurrency investors are being targeted with malicious Excel files being sent via Telegram chat groups. The hackers use social engineering to convince the user to accept macros. The Excel file then executes a malicious program that enables hackers to remotely access infected systems.
Enabling macros in Microsoft Office poses a considerable security risk as threat actors can use them to download malware from the internet. Macros should be disabled by default, and only enabled on a case-by-case basis.