Updated: Mar 18, 2022
Read this week’s Cyber Weekly Digest to find out about the biggest cyber security news, including the threat actors who breached Samsung’s network and a supply chain attack affecting Russian government sites. Keep reading to stay up to date on this week’s cyber security news.
Samsung confirmed on Monday that its network had been breached and that the threat actors stole confidential information, including source code present in Galaxy smartphones. The data extortion group Lapsus$ took responsibility for the attack after leaking close to 190GB of archives claiming to have been stolen from Samsung Electronics. In a statement, Samsung said that a “security breach” had occurred related to internal company data but that customer and employee data were not impacted.
Russia has claimed that some of its federal agencies' websites were compromised in a supply chain attack this Tuesday, after unknown attackers compromised the stats widget used by multiple government agencies to track the number of visitors. After hacking the widget, the attackers were able to publish incorrect content on the pages of the websites. The Russian Digital Development Ministry claims the state agencies' websites were brought back within an hour after the breach.
Microsoft has addressed 71 security vulnerabilities in the March Patch Tuesday update, with only three rated critical in severity. The other 68 are all rated “important.” Three of the bugs are listed as publicly known zero-days, but none of them are listed as having been exploited in the wild yet. Two of the critical vulnerabilities are video extension bugs which require social engineering to convince a victim to download and open a specially crafted file. The other is a vulnerability in Exchange Server.
The Emotet botnet, which resurfaced in November 2021 following a 10-month break, has been steadily growing. Since November it has infected 100,000 hosts across 179 countries. Before its takedown at the beginning of 2021, it had infected 1.6 million devices globally. Emotet’s return is said to have been orchestrated by the Conti ransomware gang as an attempt to shift tactics following increased law enforcement scrutiny.
Rompetrol, a subsidiary of KMG International, announced today that it is dealing with a "complex cyberattack" that forced it to shut down its websites and the Fill&Go service at gas stations. Rompetrol is the operator of Romania's largest oil refinery, Petromidia Navodari, which has a processing capacity of over five million tons per year. The threat group Hive is supposedly behind the attack and is reportedly asking for a $2 million ransom in exchange for a decryptor and for not leaking the allegedly stolen data.