This month’s cybersecurity news recap of March and April 2022 will cover big changes in the threat landscape, a few noteworthy data breaches and the regulatory response to both along with updates on the cyber war coming out of the ongoing Ukraine conflict. The invasion and its geopolitical implications are heavily affecting conversations on network security throughout the US and Canada, although there are plenty of other factors pushing a new paradigm of cyber hygiene.
The Changing Cyber Threat & Regulatory Landscape
The current cyber threat landscape has been a topic of considerable concern among many public and private institutions, as evidenced by the many warnings coming from all directions in addition to the legislation being crafted in Congress.
Tightening Cyber Incident Reporting Regulations
In early March 2022, the Cyber Incident Reporting for Critical Infrastructure Act of 2022 was passed and signed into law, paving the way to greater visibility into cyber incidents for law enforcement and a bigger obligation for victims of cyber attack. The regulation was built on momentum generated from the SolarWinds hack and other breaches, and entered into full swing once tensions with Russia re-escalated during the invasion of Ukraine.
You May Be Part of the US Critical Infrastructure Sector
While much of the language around the Cyber Incident Reporting for Critical Infrastructure Act has centered on energy firms, who are under constant attack, many other industries are likely to be covered by this regulation. The final list could still be decided by which agency ends up winning the fight to handle reporting, but as CISA is the likely candidate as of this writing, it could be any of those they define as a Critical Infrastructure Sector. Here are some examples:
- Chemical manufacturers and distributors
- Telecommunications firms
- Financial services firms
- IT and cybersecurity firms
- Hospitals and other healthcare facilities
- Food manufacturers, distributors and retailers
- Colleges and other educational facilities
- Various discrete manufacturing companies
Healthcare Must Watch Medical Device Cybersecurity
Medical device cybersecurity has come under FDA scrutiny since at least 2014, but with the changing threat landscape more targeted – and stringent – regulations are emerging. The FDA has brought their concerns before Congress, and now another bill is moving through both chambers – the Protecting and Transforming Cyber Health Care (PATCH) Act – which puts the emphasis on manufacturers to address security gaps in their products.
Financial Services in the Spotlight
While the Senate was still debating House amendments to the Cyber Incident Reporting for Critical Infrastructure Act of 2022, the SEC was introducing its own new proposals for shortening breach reporting deadlines among its constituents. This additional regulation would put financial services organizations in the compliance crosshairs of multiple agencies, as they also occupy a Critical Infrastructure Sector covered by CISA.
List of Data Breaches March – April 2022
There were many reported data breaches (and likely many more that went unreported) throughout the first few months of 2022. A couple of these are especially noteworthy as the perpetrating gangs were thought to have dissipated in both cases. Here are some standout examples of recent breaches:
- Municipal government of East Windsor, NJ shut down systems after suspicious activity was discovered
- City of Cleveland, OH, alerted employees of a compromised account discovery
- Christie Clinic of Illinois informed over 500,000 patients that their PHI had been compromised by a third party
- HubSpot released a statement notifying customers that an internal account was breached
- MailChimp uncovered an external actor in their systems using an internal customer support tool
- Cash App was the subject of an SEC notification alerting customers to a massive PII exposure
Not Even Arrests Stop Lapsus$
A threat actor only active since at least November 2021, Lapsus$ (alternatively spelled LAPSUS$) has made several headlines in recent months for three big reasons: (1) breaching several large organizations, (2) operating while members were being arrested and (3) seemingly being made up of mostly teenagers. The even more concerning factor is the gang’s focus on social engineering, including trying extensively to recruit insiders among targets. Lapsus$’s victims so far include:
Conti Ransomware Still Active
At the onset of Russia’s 2022 invasion of Ukraine, the Conti ransomware gang found itself in the news for at first proclaiming solidarity with the Russian side of the conflict and then having to dismantle operations after an undercover security researcher leaked their files. However, it appears that the group may have resumed activities and has taken credit for several breaches between March and April.
NJ Faces 10 Million Cyber Attacks a Day
The state of New Jersey revealed during a presentation in March 2022 that NJ government networks are subject to over 10 million cyber attack attempts per day. It was noted that rates have increased over recent years, as well as that the majority of these seem to originate from Russia.
You Can Be Sued for a Breach
Companies that have been breached are also increasingly subjected to lawsuits over it – the healthcare sector makes up the majority of these currently, but other industries are quickly seeing a rise in both irate customers and employees. The trend is pushing the legal system into figuring out exactly where culpability lies, with experts and even courts divided on the level of liability. Here are some examples of recent data breach lawsuits:
- Ultimate Kronos Group faces class-action suit for payroll software cloud breach
- Lakeview Loan Servicing has 2 separate lawsuits over breach that exposed over 2.5 million customers
- Creative Services, Inc., a background check firm, contends with multiple lawsuits after data leaked
- Shopify in the middle of continuous suits over cryptocurrency wallet hack
- Apple pays nearly $15 million for class-action lawsuit over third-party iCloud breach
Cyber War Updates
The war in Ukraine is still ongoing as of this writing, and though the cyber war front seemed quiet in the first few weeks of the invasion, officials and experts suspect that the increase in cyber attacks outlined above can be tied to actors within Russia. However, what is clear is that many – including the US government – are much more alert to cyber threats than ever before, and taking proactive action.
Law Enforcement Goes After Russian Hacking
US law enforcement agencies are cracking down on hacking operations tied to Russia, from individual indictments and business sanctions to outright removing malware from infected victims. The latter is one of the most potentially impactful – and controversial – of these activities, as the FBI and Justice Department directly intervened with the networks of private businesses that were not moving fast enough to counter the compromise.
New Cyber Attacks on Ukraine Power Grid
A cyber attack that many predicted and feared seemed to materialize as Ukraine’s power grid suffered its third major breach attempt in 7 years; however, as with many of the other digital assaults at the onset of the war, widespread damage was averted this time. With help from Microsoft and others, Ukrainian officials claimed they were able to fight back against a malware infection targeting both IT and OT systems.
Russia Gets Hacked
After hacktivist collective Anonymous declared a campaign against Russia in opposition to the invasion, an affiliate hacker group claimed to have managed to breach Russia’s space agency and, among other targets, antivirus provider Kaspersky (suspected by some to be tied to Russian intelligence services). It was revealed that some of their attacks used the code leaked from the Conti ransomware gang, which had also proven their direct contact with Russian officials.
Get More Cybersecurity News from SWK Technologies
Keep an eye on the evolving cybersecurity situation – from new regulations to fallout from the ongoing conflict – by staying up to date on the latest news with SWK Technologies. If you have any questions or concerns in particular, feel free to reach out to us and have a conversation with one of our experts.
Contact SWK here to learn more about the current state of cybersecurity, recent updates in the field and what you can do to protect your business from cyber attack.