Last week cyber news
• A cyber attack against the Rambam Medical Center in Haifa was thwarted last week, the attack is apparently due to exploiting a weakness in Ivanti’s VPN.
• For the first time: Iran used AI in cyber attack against Israel.
• Energy giant Schneider Electric was hit by a ransomware attack.
• Mercedes Benz – sensitive data including source code was accidentally exposed.
• Cloudflare service hacked using authentication tokens stolen in Okta attack.
Ransomware attack payouts peaked at $1.1 billion in 2023
In 2023, ransom payments due to ransomware attacks jumped for the first time to over 1.1 billion dollars. This amount shatters previous records, reverses the downward trend in ransom payments in 2022 and places 2023 as a particularly profitable period for ransom gangs. The previous record figure was set in 2021, with ransom payments amounting to 983 million dollars.
The most prolific ransomware groups in terms of ransom amounts extorted from entities and organizations in 2023 are: ALPHV/Blackcat, Clop, Play, LockBit, BlackBasta, Royal, Ransomhouse and Dark Angels.
Coveware recently reported a steady decline in ransomware victims choosing to succumb to blackmail and pay the cybercriminals. Still, Chainalysis’ statistics show that this may not be enough to tackle the problem. On the contrary, ransom operations can remain highly profitable as long as the number of attacks increases, and large organizations continue to pay the heavy ransom demands. Overall, 2023 was a good year for ransom gangs despite attempts by law enforcement agencies to disrupt their activities. It is hoped that the trend of victims refusing to pay ransom will continue and reach a critical point where ransom operations will become economically unsustainable.
The Israel National Cyber Directorate
The Israel National Cyber Directorate published a guide for the use of artificial intelligence (AI) systems in a secure manner.
The purpose of the guide, the preparation of which involved 11 cyber protection agencies in the world, is to provide organizations with a guide for using artificial intelligence (AI) systems in a secure manner. The guide summarizes the most important threats related to artificial intelligence (AI) systems and offers organizations steps to integrate artificial intelligence while managing risks. The publication provides ways of protection for organizations that use artificial intelligence systems, whether the applications are hosted on their systems or with a third party.
Security updates
Fortinet has published 2 critical vulnerabilities in FortiOS, the operating system that runs the company’s SSLVPN/Firewall products. The two vulnerabilities are classified as critical and may allow an attacker to run code remotely on the equipment, without the need for authentication (RCE). The latest version of the operating system suitable for the equipment you have should be tested and installed as soon as possible.
The AnyDesk remote desktop software has been hacked and requires a password reset. Out of caution, AnyDesk has canceled all passwords to its web portal and the company is urging software users to change their passwords. It is also recommended to download the latest version of the software, which comes with a new code signing certificate.
Cisco has issued a security advisory to address vulnerabilities affecting the Cisco Expressway Series. An attacker could exploit one of these weaknesses to gain control of an affected system. Users and administrators should review the Cisco Expressway Series advisory and apply the necessary updates.
VMware has issued a security advisory to address several vulnerabilities in Aria Operations for Networks. An attacker could exploit one of these weaknesses to gain control of an affected system. Users and administrators should review VMware Security Advisory VMSA-2024-0002 and apply the necessary updates.
