Cybersecurity news roundup for March 2023

Cybersecurity remains a crucial concern in today’s digital world, given the constant increase in cyberattacks. To keep you informed about the latest developments and trends in this field, I have compiled a list of the top 10 cybersecurity news stories from March 2023, along with a brief overview of each.

Here are the most recent cybersecurity updates from March 2023:

  1. Microsoft Issues Patch for Critical Zero-Day Flaw

Microsoft has launched a patch to address a critical zero-day vulnerability in the Windows Print Spooler service, which was actively being exploited. The vulnerability allowed attackers to execute arbitrary code on vulnerable systems. Although Microsoft acknowledged that the vulnerability was being exploited by a known threat actor, the company did not provide further details. The patch is available for all supported Windows versions, and Microsoft urges users to install it immediately.

  2. BlackByte Ransomware Discovered Targeting VMware vCenter Servers

A new ransomware strain called BlackByte has been identified, targeting VMware vCenter Servers. The ransomware encrypts data on affected systems and demands a ransom for the decryption key. BlackByte’s method of propagation is still unknown, but it is suspected to spread through phishing emails or malicious websites. There is currently no decryption method for files encrypted by BlackByte. However, researchers have created a tool to decrypt files encrypted by the similar Ryuk ransomware, which may also work for BlackByte.

  3. U.S. Federal Agency Breach Exploits 3-Year-Old Microsoft Exchange Server Vulnerability

A three-year-old Microsoft Exchange Server vulnerability was exploited to breach a U.S. federal agency in January 2023. The attackers accessed the agency’s email system and stole sensitive data. The exploited vulnerability was first disclosed in March 2019, with a patch released in April 2019. However, the breached agency only applied the patch in January 2023. The attack is believed to have been carried out by a Chinese state-sponsored hacking group, which acquired sensitive information such as emails, documents, and images.

  4. Increase in Ransomware Attacks on Healthcare Organizations

Healthcare organizations are experiencing a growing number of ransomware attacks. In 2022, over 2,000 ransomware attacks occurred on healthcare organizations, resulting in patient data loss, healthcare service disruptions, and financial losses. Contributing factors to the increase in ransomware attacks include the rising use of electronic health records, greater reliance on technology, and heightened sophistication of cybercriminals.

  5. DarkSide Ransomware Group Announces Dissolution

The DarkSide ransomware group, responsible for several high-profile ransomware attacks, has announced its disbandment due to “pressure from the authorities.” DarkSide operated as a ransomware-as-a-service (RaaS) provider, supplying ransomware and other tools to criminals who carried out attacks. Despite DarkSide’s dissolution, other ransomware groups remain active, and the risk of ransomware attacks persists.

  6. Cybersecurity Ventures Report: 82% of Organizations Unprepared for Ransomware Attacks

A Cybersecurity Ventures report reveals that 82% of organizations lack a comprehensive plan to address ransomware attacks. The survey of over 2,000 IT decision-makers found that the average cost of a ransomware attack has risen to $200,000, up from $115,000 in 2021, with an average recovery time of 21 days.

  7. Cyberpion Rebrands as Ionix

Cyberpion, a prominent cybersecurity company, is rebranding itself as Ionix. According to the company, the rebranding demonstrates its “dedication to delivering innovative and effective cybersecurity solutions”. Ionix offers a wide array of cybersecurity products and services, including endpoint protection, network security, and cloud security, as well as various training and consulting services. With its headquarters in Tel Aviv, Israel, and offices in the United States, Europe, and Asia, Ionix employs over 500 professionals and has been in operation for more than a decade.

  8. Google Cloud’s New Tool Assists Organizations in Identifying and Addressing Security Risks

Google Cloud has introduced a new tool called Cloud Security Command Center (SCC) that enables organizations to detect and resolve security risks. SCC offers a centralized view of an organization’s security posture and assists in prioritizing and addressing security risks. Key features of SCC include a security dashboard, a vulnerability scanner, a threat intelligence feed, and a security orchestration, automation, and response (SOAR) platform.

  9. Verizon Report Indicates Rising Phishing Attacks

A Verizon report that surveyed over 20,000 organizations and found a 200% increase in phishing attacks in 2022 resurfaced last month on social media. If you missed it, the report also noted that phishing attacks have become more sophisticated, with emails more likely to contain malicious attachments or links and to impersonate trusted senders such as banks or government agencies. This highlights the importance of training employees to recognize and avoid phishing emails and of using security solutions to protect against such attacks.

  10. Department of Homeland Security (DHS) Releases Guidelines for Protecting Critical Infrastructure from Cyberattacks

DHS has issued new guidelines, called the Cybersecurity and Infrastructure Security Agency (CISA) Cybersecurity Framework, which provide voluntary standards for organizations to enhance their cybersecurity posture. The CISA Cybersecurity Framework consists of five core functions:

  • Identify: Recognize critical assets and systems.
  • Protect: Safeguard critical assets and systems from unauthorized access.
  • Detect: Discover unauthorized access to critical assets and systems.
  • Respond: React to incidents that have occurred.
  • Recover: Restore operations after incidents.

Organizations looking to improve their cybersecurity posture can use the CISA Cybersecurity Framework as a resource: it provides a set of voluntary standards for bolstering their security.