Insights

This week saw the release of a number of reports showing that payments to ransomware gangs fell in 2022. Our Incident response team offers some insight as to why that might be happening. 

This week saw Microsoft release patches for nearly 100 vulnerabilities and a new tactic was seen being utilised by the Lorenz ransomware group. Read about both and the biggest cyber news in this week’s roundup.

Happy New Year everyone! 2023 has just begun and the cyber criminals haven’t wasted any time in getting busy attacking businesses and organisations.  

Cyber criminals and other threat actors are looking to kick their activities into a higher gear as three major upcoming events provide the perfect opportunities to launch phishing and other cyber-attacks.

Your data is your organisation’s most valuable asset. With enough transparency it can provide you with a huge amount of insight into how to improve your business, but in the wrong hands, it can irreparably damage your reputation and cost millions in compliance liabilities.  

While many organisations spend thousands on preventative cyber security tools, many make the mistake of overlooking the fact that cyber criminals are spending less time relying on brute force to gain access to protected information and more time on manipulating or bribing employees into giving up personal information.  

According to the government's Cyber Security Breaches Survey 2023, phishing is the most common form of cybercriminal activity suffered by UK businesses and charities, with 79% having been targeted by phishing scams. 

Security Update (Updated 28/3/2022 15.50)

The Integrity360 Cyber Threat Response team are currently tracking a new Zero-day vulnerability, CVE-2022-1096, found within Google's web browser Chrome. Google published an advisory on Friday 25th March, noting they are aware of the exploit and it exists in the wild. Currently, the details regarding the exploit have not been revealed by Google, however we are aware the exploit involves the leveraging of a weakness in the Chrome V8 JavaScript engine, which allows attackers to execute arbitrary code.

Security Update (Updated 04/3/2022 17.20)

Since our initial statement last week, Integrity360 has been closely monitoring the ongoing Ukraine / Russia conflict and the security and business risks this brings. Our dedicated Threat Intelligence team have continued to actively monitor for any new indicators of compromise relating to the conflict and disseminate this intelligence throughout our the business. Our SOC Analysts are working closely with the Intelligence teams to protect our Managed Security Service customers.

As the situation continues to evolve, we are keeping a close eye on the risk level posed to our customers, notifying them and reacting accordingly. We would also like to remind our customers to remain vigilant and to take action if they notice anything suspicious in their environment. We are proactively working with various teams across Integrity360 to provide our customers with the latest threat intelligence. The below roundup has been updated as part of our investigations so far. Should you require more information, please don’t hesitate to reach out to us.

Security Update (Updated 14/12/2021 15.30)

On 10th December 2021, Apache announced a new critical vulnerability and fix for Log4j, CVE-2021-44228 dubbed ‘Log4Shell’. This vulnerability affects any organisation that utilises Log4J or has software with underlying Log4J dependencies. Apache is strongly recommending Log4j systems be updated to fixed versions as soon as possible.

Security Update (14/09/2021)

Microsoft’s “Patch Tuesday” has included a fix for CVE-2021-40444. You can find the patch details for each Operating System version here. This round of updates also fixes 85 other vulnerabilities as shown here.

This week, Microsoft disclosed a newly discovered remote code execution vulnerability in MSHTML that affects Microsoft Windows. Integrity360 can confirm that it is actively being exploited in the wild.

Yesterday, it was announced that Fortinet discovered a breach, resulting in the disclosure of almost 500,000 FortiGate SSL-VPN credentials from 87,000 FortiGate SSL-VPN Devices. The attack vector was identified as a system unpatched against CVE-2018-13379.