Welcome to Ironshare’s Cyber Round-up, where we look back at the events of that last week and year to cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
Microsoft has reported an annual increase in attacks against critical infrastructure jumping from 20% in June 2021 to 40% in June 2022. In their 2022 Digital Defense Report, the tech giant has noted that this is largely due to Russia’s cyber offensive against Ukraine and the espionage of its allies. 90% of Russian attacks detected by Microsoft were targeting NATO member states, and 48% of these attacks targeted IT firms based in NATO countries. Increases in cyber-attacks originating from other countries such as Iran, North Korea, and China were also spotted throughout the course of the past year.
By Blogs.Microsoft.com
The UK, Canada, and Singapore are teaming up to improve the security of internet connected devices. The growing interconnectivity of devices is a threat to the security, privacy, and safety of consumers. The coordinated efforts of these countries will help produce “international standards and industry guidance, to foster innovation, and to encourage approaches that incorporate internationally recognised security requirements and avoid fragmentation.”
By Gov.uk
Research into the cost of cyber insurance policies has discovered that the premiums for cyber insurance have steeply increased since late 2019. In the US the cost of cyber insurance has been seen rising by 100% year on year by the end of 2021 but had declined to 79% in the second quarter and 48% for the third quarter of this year. Cyber attacks often cause millions of dollars in financial loss to businesses and insurers were making losses on their products in 2018 and 2019. Insurers have also been recorded as being more selective with the customers they will take on as well as excluding certain types of incidents from their policy.
By FT.com
A notorious fraudster called Ramon Abbas, nicknamed Hushpuppi, has been jailed for 11 years in the US for “conducting business email compromise scams, online bank heists and other cyber-enabled fraud that financially ruined scores of victims and provided assistance to the North Korean regime." During court, he admitted attempting to steal more than $1.1m from someone who wanted to fund a new children's school in Qatar and "several other cyber and business email compromise schemes that cumulatively caused more than $24 million in losses" reported the US justice department. Ramon Abbas was ordered to pay $1.7 million in restitution to two victims and sentenced to 135 months in federal prison.
By BBC.co.uk
The American Cybersecurity and Infrastructure Security Agency have put out three alerts about industrial control systems discovered to be vulnerable to multiple critical flaws. ETIC Telecom's Remote Access Server has been found to “allow an attacker to obtain sensitive information and compromise the vulnerable device and other connected machines" warns CISA. The second alert was about three flaws in Nokia's ASIK AirScale 5G Common System Module (CVE-2022-2482, CVE-2022-2483, and CVE-2022-2484) which could be used for arbitrary code execution and stoppage of secure boot functionality. The final alert was about Delta Industrial Automation's DIALink products which could be used to plant malicious code on targeted appliances.
By TheHackerNews.com
Welcome to our monthly round-up of Microsoft's November 2022 Patch Tuesday. This batch of security updates includes fixes for Microsoft Exchange Server, Visual Studio, BitLocker & more. 10 critical vulnerabilities were patched this month, making immediate updates very important. We advise looking into the latest fixes and applying the necessary updates as soon as possible.
And that’s it for this week’s round-up, please do check in next week for our new batch of security news and posts.
Stay Safe, Secure and Healthy!
Edition #211 – 11th November 2022
Why not follow us on social media:
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.