Cybersecurity News Round-Up: Week of April 18, 2022

Hello and welcome back to our blog! Here are the top stories we’ve been following this week. 

We begin in the UK, where the government is newsworthy for two reasons.

First, a well-known research group claims that mobile phones belonging to British government officials have been infected with NSO Group spyware for several years. That is according to Toronto-based Citizen Lab, which says it found suspected infections involving devices used by government officials inside both the Prime Minister’s Office at 10 Downing St. and the Foreign, Commonwealth and Development Office. Citizen Lab said it’s been reporting the activity to the British government for the past two years.

Then, tech comparison firm Comparitech says UK government employees are targeted with billions of malicious emails every year — and recipients may have clicked on tens of thousands of suspicious links. Comparitech says it received answers from 260 government organizations obtained via freedom of information requests. Based on those responses, the company calculated that 764,331 government employees ‘received’ a total of nearly 2.7 billion malicious emails in 2021 – amounting to an average of 2,399 each. Comparitech clarified to Infosecurity (article below) that by ‘received’ it meant the emails were identified by the organizations in question, and therefore likely blocked.

You may recall that Elephant Money DeFi platform was attacked last week. Now, it’s Beanstalk Farms’ turn. The decentralized finance (DeFi) project has reportedly lost $182 million in a flash loan attack. With Beanstalk Farms, the attacker used a flash loan to exploit Beanstalk’s majority vote governance system to drain the huge sum. The company acknowledged the attack in a Tweet on Sunday. 

Meanwhile, just as the planting and harvesting season gets underway in the U.S., the U.S. Federal Bureau of Investigation (FBI) issued a private industry notification on Wednesday. It warned agricultural cooperatives about a potential increase in ransomware attacks during planting and harvest seasons. This makes sense considering the activities that occurred last year, such as last September when two major farming cooperatives were hit by ransomware. I suppose it’s no surprise to anyone that cybercriminals schedule their ransomware attacks to occur during the most critical times to inflict the most possible damage. 

Also this week, electronics giant Lenovo revealed that more than 100 of its consumer laptop computers contain firmware-level vulnerabilities. The company issued an advisory discussing three vulnerabilities recently discovered by security firm ESET. According to a malware analyst at ESET, the vulnerabilities – CVE-2021-3970, CVE-2021-3971 and CVE-2021-3972 – can enable attackers “to disable security mechanisms and install their UEFI malware on the systems.” 

Finally, Google issued yet another emergency security update for all 3.2 billion users of the Chrome web browser. The update was issued following the 100th release of the browser. The update for Chrome is aimed at fixing a dangerous zero-day vulnerability, tracked as CVE-2022-136. This is the third zero-day vulnerability that has been discovered and patched in Chrome this year.

That’s all for this week. Please scroll down for links to all the top stories of the week, as well as other thought-provoking articles. Have a great weekend!

Amy 

Top Global Security News 

ZDNet (April 21, 2022) Beanstalk DeFi project robbed of $182 million in flash loan attack

Decentralized finance (DeFi) project Beanstalk has lost $182 million in a flash loan attack.

It might seem more like a corporate heist than a typical cyberattack. Still, this security incident was possible after the unknown threat actor secured the project voting rights necessary to transfer reserve funds away from the project’s liquidity pools.

On April 19, Beanstalk, a credit-based stablecoin protocol project based on Ethereum, said the platform was subject to a flash loan attack two days previously.

READ MORE

InfoSecurity (April 20, 2022) UK Government Staff Hit with Billions of Malicious Emails in 2021

UK government employees are targeted with billions of malicious emails every year and may have clicked on tens of thousands of suspicious links, according to Comparitech.

The tech comparison firm received answers from 260 government organizations to which it submitted freedom of information (FOI) requests.

From these, it then calculated that 764,331 government employees ‘received’ a total of nearly 2.7 billion malicious emails in 2021 – amounting to an average of 2399 each. Comparitech clarified to Infosecurity that by ‘received’ it meant the emails were identified by the organizations in question, and therefore likely blocked.

READ MORE 

Security Week (April 20, 2022) FBI Warns of Ransomware Attacks on Farming Co-ops During Planting, Harvest Seasons

The FBI issued a private industry notification on Wednesday to warn agricultural cooperatives about a potential increase in ransomware attacks during planting and harvest seasons.

In September 2021, the FBI warned the food and agriculture sector that an increase in ransomware attacks could impact the food supply chain. The same month, two major farming cooperatives were hit by ransomware.

The FBI now says cybercriminals could time ransomware attacks on farming cooperatives to critical seasons. These attacks could result in the disruption of operations, financial loss, and they could even have an impact on the food supply chain.

READ MORE 

Dark Reading (April 19, 2022) Millions of Lenovo Laptops Contain Firmware-Level Vulnerabilities

More than 100 different Lenovo consumer laptop computers, used by millions of people worldwide, contain firmware-level vulnerabilities that give attackers a way to drop malware that can persist on a system even after a hard-drive replacement or operating system re-install.

Two of the vulnerabilities (CVE-2021-3971 and CVE-2021-3972) involve Unified Extensible Firmware Interface (UEFI) drivers that were meant for use only during the manufacturing process but inadvertently ended up being part of the BIOS image that shipped with the computers. The third (CVE-2021-3970) is a memory corruption bug in a function for detecting and logging system errors.

READ MORE 

Databreach Today (April 19, 2022) UK Government Reportedly Infected With NSO Group Spyware

The British government has received multiple alerts in the past two years that officials’ smartphones were infected with spyware built by Israel’s NSO Group.

So reports Citizen Lab, a research group based at the University of Toronto that investigates human rights abuses perpetrated using technology.

On Monday, the group said it had issued “multiple” alerts to the British government that it was being targeted with commercial spyware as part of apparent nation-state espionage operations.

READ MORE 

Forbes (April 17, 2022) Emergency Security Update For 3.2 Billion Google Chrome Users—Attacks Underway  

Google has now released three emergency, out-of-band, security updates for the Chrome browser in as many weeks. What’s more this one, like the first, is to fix a high-severity zero-day vulnerability that is already being exploited by attackers.

Google issued yet another emergency security update for all 3.2 billion users of the Chrome web browser. The third such update, which discloses a single high-severity vulnerability, to be rushed out in three weeks. This one, like the first of this worrying threat triumvirate, is a zero-day vulnerability: one that Google has confirmed is already being exploited by attackers.

READ MORE  

Other Industry News  

Bob’s Red Mill Reports Data Breach – InfoSecurity 

Brokers’ sales of U.S. military personnel data overseas stir national security fears – Cyberscoop 

Funky Pigeon Suspends Orders Following Cyber-Attack – InfoSecurity

Okta says Lapsus$ breach hit just two customers – ZDNet

​​​​​​​Illinois’ Lincoln College on brink of closure months after ransomware attack – EdScoop

Data Breach Goes Unnoticed for Nearly 1 Year at KS Hospital – HealthITSecurity 

6 Malware Tools Designed to Disrupt Industrial Control Systems – Dark Reading

Report: Many SMBs wouldn’t survive a ransomware attack – TechRepublic

The growing threat of phishing attacks on the mortgage industry – HousingWire 

Dark patterns: what data controllers should be aware of – Lexology