A report by Reuters indicates that Russian hackers affiliated with the Callisto (Cold River) group targeted three US nuclear research laboratories during the summer of 2022.
The hacking team targeted the Brookhaven, Argonne, and Lawrence Livermore National Laboratories, created fake login pages for each lab, and then emailed scientists with the intent of stealing their passwords.
Reuters did not determine why the three labs were targeted or whether the attempted intrusions were successful. None of the three labs responded to requests for comment.
A new variant of the Agenda ransomware, which targets healthcare and education entities, has been identified. Agenda uses partial (intermittent) encryption, with configurable parameters that determine the percentage of each file's content to be encrypted. The new variant is also able to disable User Account Control, which could otherwise help mitigate the impact of malware by requiring administrative access to launch a program or a task.
The US government has launched a Digital Transformation with Africa (DTA) initiative dedicated to ‘expand[ing] digital access and literacy and strengthen[ing] digital enabling environments across the continent’. The USA plans to dedicate over US$350 million to this initiative, which is expected to support the implementation of both the African Union’s Digital Transformation Strategy and the US Strategy Towards Sub-Saharan Africa. DTA’s objectives revolve around three pillars:
- Digital economy and infrastructure: (a) expanding access to an open, interoperable, reliable, and secure internet; (b) expanding access to key enabling digital technologies, platforms, and services and scaling the African technology and innovation ecosystem; (c) facilitating investment, trade, and partnerships in Africa’s digital economy.
- Human capital development: (a) facilitating inclusive access to digital skills and literacy, particularly for youth and women; (b) fostering inclusive participation in the digital economy; (c) strengthening the capacity of public sector employees to deliver digital services.
- Digital enabling environment: (a) strengthening the capacities of authorities and regulators to develop, implement, and enforce sound policies and regulations; (b) supporting policies and regulations that promote competition, innovation, and investment; (c) promoting governance that strengthens and sustains an open, interoperable, reliable, and secure digital ecosystem.
The third edition of Cyber Signals, a yearly report which highlights security trends and insights from Microsoft’s 8,500 security experts and 43 trillion daily security signals, was recently launched. In this edition, experts present new information on broader threats to critical infrastructure posed by converging information technologies, the Internet of Things (IoT), and operational technology (OT) systems.
Some of the report’s highlights include:
- Unpatched, high-severity vulnerabilities identified in 75% of the most common industrial controllers in customer OT networks.
- Over one million connected devices publicly visible on the internet running Boa, outdated and unsupported software widely used in IoT devices and software development kits.
- A 78% increase in disclosures of high-severity vulnerabilities from 2020 to 2022 in industrial control equipment produced by popular vendors.
A hospital in the Parisian suburb of Versailles, France, has been the victim of a cyberattack which led to the cancellation of all operations and the transfer of patients to other hospitals. It appears that the attack was led by ransomware actors, but it is not yet clear whether data was stolen.
CSIRT Italia, the Italian Computer Security Incident Response Team, has identified an increase in distributed denial-of-service (DDoS) attacks against the information infrastructure of key Italian critical infrastructure. The attacks appear to have been launched by a group of Russian hackers but have not breached the integrity and confidentiality of information so far.
The Swiss government has advanced a proposal for legislation that would impose mandatory notification of cyberattacks against critical infrastructures to the National Cybersecurity Center (NCSC). According to the government, ‘successful cyberattacks can have far-reaching consequences for the availability and security of the Swiss economy’; therefore a mandatory reporting scheme would provide a clearer picture of attacks and attackers and better inform cybersecurity measures.
Between 28 November and 2 December 2022, NATO held its Cyber Coalition 2022 cyber defence exercise with the goal of boosting member countries’ cyber resilience.
The exercise involved 1,000 cyber defenders from 26 NATO allies, Finland, Sweden, Georgia, Ireland, Japan, Switzerland, and the EU, as well as experts from business and academia.
Cyber Coalition 2022 was used to test and validate concepts, capture requirements, or explore disruptive technologies, in support of military operators and commanders. It included experiments on the use of artificial intelligence to help counter cyber threats, on the standardisation of cyber messages to foster information sharing, and on the exploitation of cyber threat intelligence to inform cyberspace situational awareness.
The European Parliament has approved a set of rules, previously negotiated with the Council, to make the EU’s critical infrastructure more resilient. The legislation covers critical infrastructure sectors, including digital infrastructure, and creates stricter risk assessment and reporting rules for critical actors. In other words, ‘member states should adopt national resilience strategies, and cross-border communication should happen through designated single points of contact in each member state’.
Kaspersky Security, a major security firm, has recently published its advanced threat predictions for 2023, identifying email servers and satellites as major cyberattack targets for the year. The report states that 2023 will be characterised by destructive ‘cyberattacks of unprecedented gravity’ against governments, key industry providers, and high-profile civilian infrastructures. Another point of concern is the safety of underwater cables and fiber distribution hubs against physical attacks.