Hello, RSAC friends, and Happy New Year! The countdown is on to RSA Conference 2023.
As I watch the snow fall outside my window, I’m both excited to hit the slopes over the next few months and filled with anticipation for the warmth of spring. Living in the moment is such a challenge, particularly in cybersecurity. While defenders keep a close eye on what’s happening in their systems today, they must also be mindful of protecting against new and emerging threats.
Vulnerabilities and risks in the metaverse were undoubtedly a trend we saw in the submissions for RSA Conference 2023. Whether it’s virtual reality, augmented reality, or mixed reality, our human reality is deeply intertwined with technology in ways that are both exciting and alarming. Though people of all ages are becoming more emersed in the virtual world, Derek Manky, Chief Security Strategist & VP Global Threat Intelligence at FortiGuard Labs, is concerned about what he called “virtual insanity.” Manky warned about the risk of social engineering, noting, “While these new virtual spaces will provide untold opportunities, they also set the stage for an unparalleled rise in cybercrime.”
Equally as concerning as the threat of social engineering is the potential for software vulnerabilities to be exploited by malicious actors. At this week’s CES 2023, CISA Director Jen Easterly warned, “We live in a world…of massive connections where that critical infrastructure that we rely upon is all underpinned by a technology ecosystem that unfortunately has become really unsafe.”
Indeed, while we are only six days into the new year, we have certainly seen confirmation of Easterly’s assertion. Here’s a look at what made cybersecurity headlines this week.
Jan. 6: Infosecurity Magazine reported, “Rackspace has released more details of a ransomware attack in December that caused disruption for its Hosted Exchange customers, claiming that threat actors accessed files that may have contained emails, contacts and other details.”
Jan. 6: According to the BBC, “Highly confidential documents from 14 schools have been leaked online by hackers.”
Jan. 5: Malicious actors are increasingly targeting the satellite arena and are “more likely to be advanced persistent threats (APTs) sponsored by nation-states — often looking to disable satellites and spacecraft,” according to news from Dark Reading.
Jan. 5: Users running the latest version of the WhatsApp app can now connect via proxy servers in the event of internet shutdowns or blocked access.
Jan. 5: “Cybersecurity company Bitdefender has released a decryptor for the MegaCortex ransomware, which was used in attacks globally before police raids hindered its operations,” according to The Record.
Jan. 5: Reuters reported, “Hackers stole the email addresses of more than 200 million Twitter users and posted them on an online hacking forum.”
Jan. 4: After a woman reported to authorities that her daughter was the victim of cyberbullying, computer experts at the FBI conducted an investigation that revealed the mother herself was the perpetrator who had targeted her own daughter with thousands of vicious hate messages online.Jan. 3: A group of hackers reportedly discovered vulnerabilities in automotive APIs in companies from Kia to BMW and Ferrari.