Welcome to this week’s edition of Nomios Weekly CyberWednesday, where we bring you the most important cybersecurity and networking updates worldwide. This week’s news covers significant incidents, new vulnerabilities, and evolving threats that could affect IT professionals and large enterprises across Europe.
1. EU Commission reviews NIS2 Directive to define "significant cybersecurity incidents"
The European Commission is in the process of defining what constitutes a "significant cybersecurity incident" under the updated NIS2 Directive. The directive aims to strengthen cybersecurity across EU member states, particularly for essential services such as energy, transport and healthcare.
The review focuses on creating clear guidelines for incident reporting and on the threshold above which an incident counts as significant. NIS2 already sets a tiered reporting timeline (an early warning within 24 hours of becoming aware of a significant incident, a fuller notification within 72 hours and a final report within a month), so a firmer definition of "significant" determines which events start that clock. For CISOs, the upcoming changes will likely mean enhanced reporting obligations and stricter penalties for failing to meet cybersecurity standards; incident classification criteria and escalation paths in the IR plan should be checked against the final text once it is published. Source: Euractiv
2. Russian state hackers breach Dutch police in major attack
In a worrying development, the Dutch police have confirmed that their systems were breached by hackers attributed to the Russian state. The attack, which exposed the work-related contact details of some 63,000 police employees, began when a police volunteer clicked on a malicious link. This was part of a wider cyberespionage campaign targeting law enforcement and government agencies in Europe.
Through that link the attackers obtained access to Outlook and possibly Microsoft Teams, which is how an address book covering most of the organisation could be read from a single compromised account. While the full extent of the attack has not been made public, the intrusion shows how exposed public institutions are to sophisticated attacks by state actors. For security teams in both the public and private sectors it is a reminder to review their defences against Advanced Persistent Threats (APTs): one compromised endpoint with a valid mailbox session is enough to enumerate the global address list, so alerting on unusual bulk directory or mailbox access, and revoking active sessions rather than only resetting passwords after a suspected compromise, matter as much as the phishing controls that were supposed to stop the click. Source: Tweakers
3. Cloudflare thwarts largest-ever 3.8 Tbps DDoS attack
In a remarkable show of defence, Cloudflare mitigated the largest distributed denial-of-service (DDoS) attack recorded to date, peaking at 3.8 Tbps. The attack was highly automated, originated from over 30,000 compromised devices and was aimed at organisations in financial services and other high-value sectors.
The attack highlights the growing sophistication and scale of DDoS operations, which can disrupt critical online services and cause significant financial losses. Volumetric attacks at this level are network-layer floods that have to be absorbed at the provider edge: no on-premises appliance or single uplink can take 3.8 Tbps, so the practical question for a security team is whether its critical services sit behind an always-on upstream or cloud scrubbing service and whether the failover to it has actually been tested. This is especially relevant for financial institutions and other high-profile sectors that are frequent targets of these attacks. Source: The Hacker News
4. Ransomware costs critical infrastructure billions in 2024
Ransomware continues to wreak havoc on critical infrastructure, with the cost of attacks escalating into the billions this year. Sectors such as healthcare, energy and transportation have been hit particularly hard, as groups like LockBit and BlackCat (ALPHV) focus on high-value targets that cannot afford downtime.
Many attacks have resulted in operational disruption, regulatory fines and costly recovery efforts. The growing reliance on connected systems means that even a short outage can cause widespread disruption. For CISOs, this underlines the importance of a rehearsed incident response plan and of backups that are offline or immutable and regularly restore-tested, since backups reachable from the compromised domain are routinely encrypted or deleted before the ransom note appears. Source: SecurityWeek
5. Stealthy Perfctl malware infects thousands of Linux servers
A new, highly evasive malware dubbed "Perfctl" has been discovered infecting thousands of Linux servers globally. Perfctl is designed to remain undetected for extended periods while allowing attackers to use infected systems for cryptomining and proxyjacking, and as a foothold for data theft and lateral movement.
The malware specifically targets Linux servers, which are often the backbone of enterprise IT infrastructure. Its stealth makes it particularly dangerous: infected servers keep operating normally, and the malware hides from casual inspection by masquerading as a legitimate system process and by going quiet while an administrator is logged in. Organisations running Linux-based systems should prioritise patching, fix weak credentials and misconfigurations on exposed services, which the malware also exploits, and actively hunt for signs of compromise on their servers rather than waiting for an alert. Source: SecurityWeek
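As an added hunting example for the point above (not code from this roundup or from the researchers who documented Perfctl), the script below runs three generic Linux compromise checks over constructed sample data: libraries injected via /etc/ld.so.preload, running processes whose binary has been deleted from disk (visible through /proc/<pid>/exe), and CPU-heavy processes sampled while `who` shows nobody logged in. These are standard indicators of userland rootkits and resource-hijacking malware on any Linux server, not Perfctl-specific IoCs; the sample file contents, PIDs, process names and the `hunt`/`live_*` helper names are assumptions made for illustration.

```python
"""Generic Linux compromise-hunting checks run over constructed sample data.

Added example; not code from the Nomios page or from the Perfctl research. The
indicators are generic signs of userland rootkits and miners on Linux, not
Perfctl-specific IoCs. Inputs mimic the format of /etc/ld.so.preload,
/proc/<pid>/exe link targets, `ps -eo pid,pcpu,comm --no-headers` and `who`;
the live_* helper and the __main__ block collect real data on a Linux host.
"""
import os
import subprocess


def suspicious_preload_entries(ld_so_preload_text):
    """Return every non-comment entry in /etc/ld.so.preload.

    The file is absent or empty on a normal server. Any library listed here is
    injected into every dynamically linked process, which is the standard way
    userland rootkits hide files, processes and network connections.
    """
    return [line.strip() for line in ld_so_preload_text.splitlines()
            if line.strip() and not line.strip().startswith("#")]


def deleted_executables(proc_exe_links):
    """proc_exe_links maps pid -> readlink('/proc/<pid>/exe').

    A running process whose binary has been unlinked from disk shows up with a
    ' (deleted)' suffix; malware commonly executes a dropped file and then
    removes it so that file-based scanners find nothing.
    """
    return sorted(pid for pid, target in proc_exe_links.items()
                  if target.endswith(" (deleted)"))


def cpu_hogs_without_session(ps_output, who_output, cpu_threshold=50.0):
    """Flag CPU-heavy processes when `who` reports no interactive session.

    Miners that throttle themselves while an operator is logged in never show
    up in an interactive `top`; sampling CPU use when nobody is logged in
    (e.g. from cron) exposes them. ps_output is `ps -eo pid,pcpu,comm` text.
    """
    if who_output.strip():
        return []  # someone is logged in; this sample is not representative
    hogs = []
    for line in ps_output.splitlines():
        parts = line.split(None, 2)
        if len(parts) != 3:
            continue
        pid, pcpu, comm = parts
        try:
            if float(pcpu) >= cpu_threshold:
                hogs.append((int(pid), comm.strip()))
        except ValueError:
            continue
    return hogs


def live_proc_exe_links():
    """Collect real /proc/<pid>/exe targets on this host (best effort)."""
    links = {}
    for entry in os.listdir("/proc"):
        if entry.isdigit():
            try:
                links[int(entry)] = os.readlink(f"/proc/{entry}/exe")
            except OSError:
                pass  # kernel thread, already exited, or not readable without root
    return links


def hunt(ld_so_preload_text, proc_exe_links, ps_output, who_output):
    """Run all checks; empty lists in the result mean nothing was found."""
    return {
        "ld_so_preload": suspicious_preload_entries(ld_so_preload_text),
        "deleted_exe_pids": deleted_executables(proc_exe_links),
        "cpu_hogs_no_session": cpu_hogs_without_session(ps_output, who_output),
    }


# Constructed sample data standing in for a compromised host (assumed values).
SAMPLE_LD_SO_PRELOAD = "# managed by nobody\n/usr/lib/libsysinfo.so\n"
SAMPLE_PROC_EXE = {1: "/usr/lib/systemd/systemd",
                   812: "/usr/sbin/sshd",
                   4242: "/tmp/.cache/worker (deleted)"}
SAMPLE_PS = "    1  0.0 systemd\n  812  0.1 sshd\n 4242 97.3 worker\n"
SAMPLE_WHO_EMPTY = ""
SAMPLE_WHO_ACTIVE = "alice    pts/0        2024-10-09 09:12 (10.0.0.5)\n"

if __name__ == "__main__":
    print("sample host:", hunt(SAMPLE_LD_SO_PRELOAD, SAMPLE_PROC_EXE,
                               SAMPLE_PS, SAMPLE_WHO_EMPTY))
    # Against the live Linux host (root improves /proc/<pid>/exe coverage).
    preload_path = "/etc/ld.so.preload"
    preload = open(preload_path).read() if os.path.exists(preload_path) else ""
    ps = subprocess.run(["ps", "-eo", "pid,pcpu,comm", "--no-headers"],
                        capture_output=True, text=True).stdout
    who = subprocess.run(["who"], capture_output=True, text=True).stdout
    print("this host:", hunt(preload, live_proc_exe_links(), ps, who))
```

Run it from cron at an hour when nobody should be logged in and ship the result to your SIEM; a non-empty `ld_so_preload` list or a deleted-executable PID is worth an immediate look, while the CPU check is a trigger for a closer inspection rather than proof of compromise.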
6. Thousands of DrayTek routers vulnerable to 14 new exploits
Researchers at Forescout have disclosed 14 new vulnerabilities in DrayTek routers, which are commonly used by businesses for remote access and VPN. If exploited, the flaws allow attackers to take full control of the routers, potentially intercepting traffic, injecting malware or enlisting the devices in DDoS attacks.
Given the critical role routers play in handling network traffic, these vulnerabilities pose a severe threat to enterprise networks. Organisations using DrayTek routers should apply the vendor firmware updates immediately and, independently of patching, make sure the router's web management interface is not reachable from the internet: most of the reported flaws are in that interface, so restricting it to an internal management network removes the remote attack surface even on devices that cannot be patched straight away. Source: Dark Reading
7. Pro-Ukrainian hackers target Russian critical infrastructure
Pro-Ukrainian hacktivists have reportedly launched a series of attacks on Russian critical infrastructure, aiming to disrupt government operations and military communications. These attacks are part of the ongoing cyberwarfare linked to the Ukraine-Russia conflict and are believed to be retaliatory actions in response to Russian cyber operations targeting Ukraine.
The hacktivists used a mix of defacement attacks, data exfiltration, and DDoS campaigns to hinder operations at several Russian government agencies. This event is a reminder that geopolitical conflicts are increasingly being fought on the cyber front, with both state-sponsored and independent groups targeting each other's infrastructure. European enterprises should be mindful of how these conflicts may indirectly affect their cybersecurity landscapes. Source: The Hacker News
8. MITRE launches AI incident-sharing initiative
MITRE has announced a new AI Incident Sharing initiative, run by its Center for Threat-Informed Defense, to help organisations report and learn from security incidents involving artificial intelligence systems. As AI becomes more embedded in enterprise operations, the potential for AI-related incidents grows, whether through data manipulation such as poisoning of training data, exploitation of machine learning models, or the use of AI in sophisticated cyberattacks.
The goal of MITRE's project is to give organisations a protected channel for sharing information about real-world AI incidents, promoting collaboration and improving AI system security; it builds on MITRE ATLAS, the knowledge base of adversary tactics and techniques against AI systems. Organisations leveraging AI technologies should consider participating in the initiative, and in the meantime should check that their existing incident response process can classify and handle an AI-related incident at all, since most playbooks were written before models and prompts became part of the attack surface. Source: SecurityWeek
9. iPhone VoiceOver feature leaks user passwords
A vulnerability in Apple's VoiceOver accessibility feature could cause it to read a user's saved passwords aloud, a significant privacy risk. The flaw affects the Passwords app introduced with iOS 18: with VoiceOver active, stored credentials could be spoken rather than masked, so anyone within earshot could hear them. It is a local issue; it does not let a remote attacker trigger VoiceOver or listen in.
This flaw is particularly concerning for enterprises where iPhones are used as corporate devices, because credentials read out in a shared office or on public transport can lead to credential theft and wider system compromise. Apple has patched the issue in iOS 18.0.1 and iPadOS 18.0.1; organisations should push the update through their MDM promptly and verify from the device inventory that enrolled devices have actually installed it. Source: Dark Reading
10. Single HTTP request exploit hits 6 million WordPress sites
A critical vulnerability in a widely used WordPress plugin, rather than in WordPress core, allows attackers to compromise a site with a single HTTP request. The flaw leaves over six million websites exposed to remote code execution (RCE), letting attackers take over sites, steal data or inject malicious code.
Given WordPress's widespread use in both personal and enterprise environments, this vulnerability could have far-reaching consequences. Website administrators should update the affected plugin to the patched release without delay, or disable it if they cannot update, and review the site for new administrator accounts, modified theme or plugin files and unexpected scheduled tasks, since a single-request exploit may already have been used before the patch was applied. Source: Dark Reading
Stay ahead of the latest cybersecurity developments by keeping an eye on these stories, and ensure your organisation's security protocols remain up to date.