Weekly Cybersecurity Recap April 1
- By Patrick Ryan
- Apr 01, 2022
The pace of digital attacks has picked up as Russia's war against Ukraine continues. Though Russia has not come close to crippling the digital infrastructure of the free world, cybersecurity industry veterans are on edge as the war enters its second month. However, plenty of the cyber-attacks that occurred in the previous week were unrelated to the war in Eastern Europe. Let's take a look at some of the most newsworthy hacks and digital breaches that went down in the final week of March.
Sophos Firewall Authentication Bypass
Sophos Firewall contains a bug that permits remote code execution (RCE) on the firewall itself. The flaw is an authentication bypass in the firewall's User Portal and Webadmin interfaces. Sophos rushed to plug the vulnerability, yet cyber security specialists are not completely confident that the repair effort will prove effective. The bug affects the User Portal and Webadmin in version 18.5.3 and older versions.
Hackers who exploited the bug disabled the Sophos firewall to tap into highly sensitive data and compromise the affected company's network. A manual update can be applied to combat the threat. Sophos has also provided a workaround: verify that the firewall's User Portal and Webadmin are not exposed to the WAN. In plain terms, Sophos customers are advised to disable WAN access to the User Portal and Webadmin.
Exchange Server Hijacking
Digital criminals are exploiting Microsoft Exchange servers that lack sufficient patching to spread malware through hijacked email threads. The phishing scam relies on conversation-hijacking tactics: attackers reply inside existing email chains from the compromised server and attach malware known as "IcedID," which steals valuable data. Because the replies arrive inside legitimate threads, recipients are more likely to trust them.
Google Chrome Zero-Day
Google has issued a warning to users of its popular Chrome web browser. Chrome users are encouraged to update their browsers to close a zero-day vulnerability that is being actively exploited. This is the second such zero-day against the browser in the previous three months. According to Google's security team, Chrome on macOS, Linux, and Windows is affected.
Aside from updating the Chrome browser, Google has no other advice for Chrome users. Those who use the Microsoft Edge browser, which shares Chrome's underlying engine, are also vulnerable. Edge users can enhance the safety of their browsing by enabling the security protection available through the ellipsis menu on the right side of the browser window.
Partnership Health Plan of California hit by Hive Ransomware
The IT systems of the Partnership Health Plan of California have been temporarily disabled because of a Hive ransomware attack. It appears the health group has not ponied up the requested ransom as representatives of the nonprofit managed care specialist have warned clients that its systems might be down for several weeks or longer.
Though the group's official statement on the incident refers only to technical difficulties, it appears that its internal systems have been paralyzed by Hive ransomware, which is deployed through multiple mechanisms. The attack centers on malicious attachments delivered in phishing messages. It takes only one download of such an attachment to give the attackers remote desktop access, followed by the network breach, file encryption, and ransom demand. Hive ransomware has spread quickly enough that the FBI issued a warning about its ubiquity and potency.