Weekly Cyber Reports

This Week in Cyber 20th January 2023

Latest news & views from our Cyber Analysts

Written by

Team Nucleus

Written on

20th January, 2023


Royal Mail Still Being Affected by Recent Cyber Attack

On Tuesday 17th of January, Royal Mail CEO Simon Thompson confirmed to a parliamentary committee that the ongoing disruption to the postal service has been caused by a cyber-attack, nearly a week after it occurred. It is believed that no customer data has been compromised, but Royal Mail is prepared for that situation to change and has already notified the UK Data Protection Regulator. Thompson refused to answer questions about the details of the attack, claiming it would be 'detrimental' to the ongoing investigation, but added there would be 'more news to share' soon. Significant disruption is still affecting packages shipped internationally to and from the UK, with no estimate of when it will end. A public-facing representative for LockBit, the ransomware group supposedly responsible for the attack, initially denied involvement, blaming another group. However, another post by the same representative was found that seemingly admits to the attack.

NCSC and LGfL Release Report on Cyber Attacks in Schools to Raise Awareness

The National Cyber Security Centre and LGfL have collaborated to produce a report on cyber attacks in schools to raise awareness and improve security. 805 schools from 143 local authorities took part in the survey, and it is interesting to compare the results with the last survey, carried out in 2019. Key findings from this latest report include: 26% of schools had experienced email spoofing; there was an increase in the number of schools offering cyber security training to staff, but 45% of schools still do not offer this; nearly 50% of schools do not report on cybersecurity matters to school leadership; and nearly 50% of schools do not feel prepared for a cyber-attack or have business continuity planning in place.

The reports can be downloaded from the LGfL page.

Cisco Ending Support for Business Routers With Known Vulnerabilities

The Small Business RV016, RV042, RV042G, and RV082 routers are vulnerable to multiple known exploits; however, Cisco has decided not to patch them. The vulnerabilities CVE-2023-20025 and CVE-2023-20026 have been attached to these routers. They involve improper validation of user input and can allow administrators to gain root access. Cisco have simply stated ‘Cisco Small Business RV016, RV042, RV042G, and RV082 Routers have entered the end-of-life process’. It is important for all organisations to routinely check whether their older hardware and software is still being supported, to minimise the attack vectors a threat actor may exploit.

Sophos Firewall Devices Vulnerable to RCE Attacks

Security researchers have identified over 4000 Sophos Firewall devices exposed to the internet which are vulnerable to attacks targeting a Remote Code Execution (RCE) vulnerability. CVE-2022-3236 was disclosed by Sophos in September 2022 and a hotfix was released in December 2022. The fact that so many public-facing devices are still vulnerable highlights how important it is to have well-defined vulnerability and patch management processes in place.

Researchers Make ChatGPT Text AI Create Polymorphic Malware

Cybersecurity researchers at CyberArk have been able to use ChatGPT to create polymorphic malware following a series of text-based interactions. According to a recent write-up by security researchers Eran Shimony and Omer Tsarfati, shared with the cyber news company Infosecurity, the malware generated by ChatGPT could 'easily evade security products and make mitigation cumbersome with very little effort or investment by the adversary.' Researchers at CyberArk were able to bypass the filters meant to stop the AI creating malicious tools by repeating the same question over and over with more authority. Furthermore, they noted that the API version doesn't seem to utilise the content filter at all, but they are unsure as to why this could be the case. Updated malicious code could also be created by inputting the original back into it, allowing unique mutations to be created on a whim without the cost or time constraints a threat actor might currently have to keep in mind. The report has come days after Check Point Research discovered that ChatGPT is already being used to develop malicious tools including infostealers and encryption tools.

