This week in ransomware, Lazarus rising, and malware games you don’t want to play
Posted by: GuidePoint Security
Published 11/4/21, 9:30am
Cybersecurity News for the Week of 10/25/21
Last week was an extremely busy one for threats, hackers, and attacks. In this cybersecurity news roundup, we’ll take a look at the various ransomware activities of the last week, the dangerous activities of the North Korean hacking group known as Lazarus, and the discovery of new malware based on an extremely popular streaming TV series.
- This week in ransomware: SQL injection bugs, FBI Ranzy warnings, Russian attacks on a gun rights advocacy group, and more
- Lazarus rising: North Korean state hackers focused on IT supply chain
- A game you can’t win: threat actors leveraging hit TV series Squid Game for threats and scams
Cybersecurity News Final Thoughts
US infrastructure, transportation, and food supplies are increasingly under threat from attacks on the supply chain. Recent attacks have disrupted gasoline distribution and agriculture and dairy supplies. Supply chain attacks have also targeted third-party software providers, data storage solutions, development or testing platforms, and website building services.
This week we feature yet another story on current supply chain attacks—this one involving the North Korean state-sponsored criminal gang known as Lazarus, who are currently targeting the IT supply chain. In addition, Microsoft warned this week of new supply chain attacks by the Russian-backed Nobelium Group, responsible for the devastating SolarWinds attack, one of the most widespread and sophisticated cybercrime operations of all times. In its latest attack, Nobelium remains focused on the global IT supply chain, targeting at least 140 technology resellers and service providers, including many based in the U.S. Microsoft believes that at least 14 of these organizations have already been compromised.
An organization’s supply chain greatly expands an organization’s attack surface, and third-party vendors and suppliers are going to have varying degrees of security. To mitigate risk, it is important to engage in the following cyber supply chain risk management best practices:
- Integrate supply chain risk management across the enterprise.
- Create a formal supply chain risk management plan and program.
- Understand your enterprise cyber supply chain and identify and document all staff, contractors, vendors, and suppliers with system access.
- Assess and monitor all cyber supply chain relationships.
Remember—an organization is only as strong as its weakest link.
GuidePoint Security