|

The Week in Security: Attacks on critical infrastructure and the software supply chain take off

Carolynn van Arsdale
Blog Author

Carolynn van Arsdale, Cyber Content Creator at ReversingLabs. Read More...

ci-supply-chain-attacks-soar

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.

This week: Critical infrastructure sectors such as education and aviation are being targeted by cybercriminals. Also: software supply chain attacks have increased by 742% in the past 3 years. 

This week’s top story

Critical infrastructure sectors such as airports continue to be targeted

Cyber attacks on critical infrastructure organizations globally have been happening for decades. But the incident that brought this concern back to the forefront of the cybersecurity community was the infamous ransomware attack on Colonial Pipeline, a private company that supplies gasoline to America’s eastern seaboard. This attack caught international attention, and everyday Americans were directly impacted as a result of this critical infrastructure entity being disrupted. 

A year-and-a-half later, cybercriminals are continuing to feel emboldened in their targeting of critical infrastructure organizations, both in the U.S. and abroad. As of this month, cybercriminals have targeted at least four different critical infrastructure sectors, which if disrupted could cause societal disarray and national security concerns. 

Most recently, researchers at Microsoft have discovered a new ransomware campaign that is targeting transportation and logistics organizations in Poland and Ukraine. Known as Prestige Ransomware, the group targeted a number of victims within the same hour, using three different attack methods. 

Additionally, healthcare providers have become a popular target for cybercriminals. Just this month, CommonSpirit, a major healthcare provider in the U.S., suffered a ransomware attack that the health system is still trying to recover from. The attack resulted in 142 facilities in 21 states losing access to online networks, causing disruptions to patient care. Cybercriminals have also attacked healthcare networks abroad, such as a French hospital in August.

The aviation industry has become another target for cybercriminals, and U.S. government officials are beginning to take action to better secure this area of critical infrastructure. This comes after a string of cyber attacks that impacted several U.S. airports, including the Los Angeles and Atlanta airports. 

Also on the growing list of targeted critical infrastructure entities is education, with targets ranging from K-12 schools to colleges and universities. Over 1000 schools and colleges were targeted by cybercriminals in 2021 alone, and so far in 2022 this number has already increased, bringing the total closer to 2000 victims this year alone. 

Not only is it concerning that cybercriminals are attacking a wide range of critical infrastructure entities, but also that most of these cybercrime operations are originating from Russia, or have been carried out by Russian-speaking actors. This is the case with the incidents targeting transportation and logistics organizations in Poland and Ukraine, several American airports, as well as educational institutions, specifically the Los Angeles school district

It’s evident that protecting critical infrastructure will have to continue to be the cybersecurity community’s responsibility, especially as more sectors and countries are targeted in the future. 

News roundup

Here are the stories we’re paying attention to this week…  

Sonatype report reveals software supply chain attacks soar 742% in 3 years (IT Security Guru)

Sonatype’s eighth annual State of the Software Supply Chain report, which was compiled from public and proprietary data analysis, has revealed the figures including 131 billion Maven Central downloads and thousands of open source projects.

Ransom Cartel linked to notorious REvil ransomware operation (BleepingComputer)

Researchers have linked the relatively new Ransom Cartel ransomware operation with the notorious REvil gang based on code similarities in both operations' encryptors.

Qatar spyware and the World Cup (Schneier on Security)

Everyone visiting Qatar for the World Cup needs to install spyware on their phone. They will be asked to download two apps called Ehteraz and Hayya, which both track phone activities. 

Imagine surviving a wiper attack only for ransomware to scramble your restored files (The Register)

Organizations hit earlier by the HermeticWiper malware have reportedly been menaced by ransomware unleashed this month against transportation and logistics industries in Ukraine and Poland.