It may be the shortest month, but February brought no shortage of bad behavior by cybercriminals. In our latest cyber attack roundup of the ever-thriving world of cybercrime, we look at a disturbing theft from one of the United States’ most secretive government organizations, a long-running ransomware tie-up for a major media company, a never-ending nightmare for a security-minded internet company, and the latest of many breaches for one of the backbones of the modern web.

$11.5 trillion. That’s the amount predicted global cybercrime will cost in 2023. As cyber attacks continue to evolve, becoming more damaging and more devious, organizations are desperate for comprehensive, proactive solutions. For many, that means a security operations center (SOC).

On Wednesday, March 1, 2023, Cisco published an advisory of a critical severity vulnerability impacting 6800, 7800, and 8800 series IP phones. The vulnerability allows for unauthenticated execution of arbitrary code. The vulnerability was responsibly disclosed to Cisco by a security researcher, and security patches are available to remediate the vulnerability.

On February 27, 2023, LastPass updated their security incident notice to include additional details around the data breach they began investigating in November 2022. According to their notice, the threat actor used information obtained in an earlier, August 2022, data breach to target an employee and obtain credentials and keys used to decrypt storage volumes within their cloud-based storage service.

Once again, Arctic Wolf has taken the temperature of organizations across the globe to determine how the cybersecurity landscape of 2022 is shaping their 2023 concerns and actions. While the survey covered a number of topics, one stood out: ransomware. 48% of organizations ranked ransomware as their number one concern for the coming year. While that’s down from 70% in 2022, it doesn’t mean that ransomware is going away.

The financial services industry is under constant threat from cybercriminals, thanks to the large amounts of money and data they move and store. In fact, financial services businesses suffer 300 times more cyber-attacks than companies in other sectors, and the cost of downtime is among the highest in any industry. 57% of IT professionals say their organizations can’t tolerate the loss of mission-critical applications for a full hour, with 15% reporting they can’t tolerate ANY downtime.

As organizations implement additional security controls and detections, threat actors adjust to bypass them. Since our initial investigation into a Lorenz ransomware intrusion that exploited a Mitel MiVoice VoIP appliance, we have observed a shift in the group’s Tactics, Techniques, and Procedures (TTPs).

On Thursday, February 16, 2023, Fortinet patched two critical unauthenticated remote code execution vulnerabilities, one impacting FortiNAC (CVE-2022-39952) and one impacting FortiWeb (CVE-2021-42756). Both vulnerabilities were discovered by Fortinet’s Product Security team.