Cybersecurity Weekly: DOJ prioritizes ransomware, CODESYS flaws, Realtek bugs
The U.S. gives ransomware hacks similar priority as terrorism. Ten critical flaws were found in the CODESYS industrial automation software. Researchers warn of critical bugs affecting the Realtek Wi-Fi module. All this, and more, in this week’s edition of Cybersecurity Weekly.
1. U.S. to give ransomware hacks similar priority as terrorism
The U.S. Department of Justice is elevating investigations of ransomware attacks to a similar priority as terrorism in the wake of the Colonial Pipeline hack and mounting damage caused by cyber criminals. The DOJ guidance specifically refers to Colonial as an example of the growing threat that ransomware and digital extortion pose to the nation.
2. Ten critical flaws found in CODESYS industrial automation software
Last week, cybersecurity researchers disclosed as many as ten critical vulnerabilities impacting CODESYS automation software that could be exploited to achieve remote code execution on programmable logic controllers. To exploit the vulnerabilities, an attacker does not need a username or password; having network access to the industrial controller is enough.
3. Researchers warn of critical bugs affecting Realtek Wi-Fi module
A new set of critical vulnerabilities was disclosed in the Realtek RTL8170C Wi-Fi module that an adversary could abuse to gain elevated privileges on a device and hijack wireless communications. Successful exploitation would lead to complete control of the Wi-Fi module and potential root access on the OS.
4. Meat giant JBS now fully operational after ransomware attack
On May 31, JBS was forced to shut down production after REvil ransomware operators breached and encrypted some of its North American and Australian IT systems. The attack on JBS follows another major ransomware incident that forced Colonial Pipeline to shut down the largest US pipeline and pay a $5 million ransom.
5. Microsoft Teams calls are getting end-to-end encryption in July
Microsoft Teams is getting better security and privacy next month with the addition of end-to-end encrypted 1:1 voice calls. While Microsoft Teams already encrypts data at rest and in transit, it allows administrators to configure automatic recording and transcription of voice calls.
6. UF Health Florida hospitals back to pen and paper after cyberattack
Last week, UF Health The Villages Hospital and UF Health Leesburg Hospital suffered a cyberattack preventing access to computer systems and email. The hospitals suspended access to some of their Central Florida systems, including email, and have implemented backup procedures while their IT team ensures that all data and networks are secure.
7. Scripps Health notifies patients of data breach after ransomware attack
The Steamship Authority, Massachusetts' largest ferry service, was hit by a ransomware attack on Wednesday which led to ticketing and reservation disruptions. In an update later in the week, the Steamship Authority said that it's still working on restoring services, with trips already scheduled to operate without disruption.
8. Massachusetts' largest ferry service hit by ransomware attack
Bose confirmed that it experienced a data breach, having fallen victim to a ransomware attack in early March. Immediately upon discovering the attack on March 7, Bose initiated incident response protocols, activated its technical team to contain the incident, and hardened its defenses against unauthorized activity.
9. FUJIFILM shuts down network after suspected ransomware attack
FUJIFILM is investigating a ransomware attack and has shut down portions of its network to prevent the attack's spread. While FUJIFILM has not stated what ransomware group is responsible for the attack, Advanced Intel CEO Vitali Kremez announced that FUJIFILM was infected with the Qbot trojan last month.
10. Threat actors hacked NYC MTA using Pulse Secure zero-day
Chinese-backed threat actors breached New York City's Metropolitan Transportation Authority network in April using a Pulse Secure zero-day. Still, they failed to cause any data loss or gain access to systems controlling the transportation fleet. According to MTA's Chief Technology Officer, the attackers couldn't gain access to employee or customer information.