Updated: Aug 12, 2022
Take a look at this week’s Cyber Weekly Digest and read about some of the biggest cyber security news from around the world, including a “massive” cyber attack on the German Chambers of Industry and Commerce, and the security concerns around the vote for the next UK Conservative Party leader. Keep reading to stay up to date on the latest cyber security stories.
VMware is warning users to patch multiple products affected by a critical authentication bypass vulnerability that could allow an attacker to gain administrative access to a system as well as exploit other flaws. The vulnerability is tracked as CVE-2022-31656 and has a CVSS rating of 9.8. Its fix is one of a number the company made in various products in an update released on Tuesday for flaws that could easily become an exploit chain. The flaw is an authentication bypass vulnerability affecting VMware Workspace ONE Access, Identity Manager and vRealize Automation. The bug affects local domain users and requires that a remote attacker have network access to a vulnerable user interface.
The ALPHV ransomware gang, known as BlackCat, has claimed responsibility for a cyber attack against Creos Luxembourg S.A., a natural gas pipeline and electricity network operator, last week. Creos’ owner, Encevo, announced the attack last month, which resulted in customer portals being unavailable. This week BlackCat added Creos to its extortion site, threatening to publish 180,000 stolen files, including contracts, agreements, passports, bills, and emails. Creos has urged all customers to reset their online account credentials as it continues to investigate the incident.
This week, after consulting with the GCHQ, the UK Conservative Party changed its plans for the leadership contest voting, although there is no indication of a specific threat from attackers. The GCHQ warned that attackers may have been able to change people’s votes, as it was planned that members would be able to vote by post or online and would have the option to use the alternative method to change their previous vote. The GCHQ has become increasingly concerned about political votes in recent years following Russia’s efforts to interfere with the 2016 US presidential election. The Conservative Party vote will determine not only the next Conservative leader but also the next UK Prime Minister.
The Association of German Chambers of Industry and Commerce (DIHK) was forced to shut down all of its IT systems and switch off digital services, telephones, and email servers in response to a cyberattack this week. A short statement published on the DIHK site describes the shutdown as a precaution and a way to give IT teams time to develop a solution and build up defenses. Although it has not been confirmed, the attack shows all signs of a ransomware attack. The DIHK informed the public that the attack occurred on Wednesday and characterised the incident as “massive”.
An unknown threat actor has been targeting Russian entities with a newly discovered remote access trojan called Woody RAT for at least a year as part of a spear-phishing campaign. The advanced custom backdoor is said to be delivered via either of two methods: archive files or Microsoft Office documents leveraging the now-patched "Follina" support diagnostic tool vulnerability in Windows. In one instance, the threat actors attempted to strike a Russian aerospace and defence entity known as OAK based on evidence gleaned from a fake domain registered for this purpose.