The Week in Security: Ransomware attacks close out 2022 with a bang, PyTorch compromise explored

This week: The tail-end of 2022 was plagued by ransomware attacks on critical infrastructure. Also: A break-down of the PyTorch software supply chain attack.

This Week’s Top Story

Ransomware spree rings in a rough start to 2023

Last year was plagued by ransomware attacks on critical infrastructure entities, such as government offices, schools, utility providers and hospitals. BleepingComputer compiled data from several sources, and found that in the U.S. alone last year, ransomware attacks hit 105 counties, 44 universities, 45 school districts, and 24 healthcare providers.

As we entered 2023 this week, it has already become clear that this year will be no different than the last. Several headlines from just this week have already reported several ransomware attacks on education, transportation and government sectors globally, all taking place at the tail-end of 2022.

Education entities in particular were hit hard. In Massachusetts, both a community college and a school district were targeted, resulting in canceled classes and shut-downs of vital online services for students, staff and faculty. Louisiana’s Xavier University also suffered a ransomware attack. Vice Society, a ransomware group known for targeting education, claimed responsibility for it and leaked the sensitive personal data of students and staff. And the Queensland University of Technology, one of the biggest universities in Australia, was targeted by the Royal ransomware gang, causing the university to shut-down all of its IT systems in an effort to prevent the attack’s spread.

Essential government services were also harmed. In Los Angeles, the city’s housing authority is currently investigating a “cybersecurity incident,” which the Lockbit ransomware gang has claimed responsibility for. Over 19,000 low-income families in the city rely on the Housing Authority, and the ransomware gang’s listing on the dark web claims Lockbit stole 15 terabytes of data from the office.

The Lockbit gang also targeted the Wabtec Corp., an American rail and locomotive company. Wabtec’s announcement regarding the incident shared that the threat actors compromised their network as early as March 2022, but it was not determined until late November 2022 that personal information found in the company’s network was compromised.

The year ended with a bang when it came to ransomware attacks on critical infrastructure, making this threat a key concern for the new year. Attacks will continue in 2023, posing a continuing problem to organizations of all types.

News Roundup

Here are the stories we’re paying attention to this week…

PyTorch supply chain attack: Dependency confusion burns DevOps (Secure Software Blogwatch)

A classic dependency confusion attack revealed itself last week. The PyTorch open source software supply chain was compromised by a hacker publishing a malicious torchtriton clone on PyPI.

Hacker selling data allegedly stolen from Volvo Cars following ransomware attack (Security Week)

A hacker is offering to sell data allegedly stolen from Swedish vehicle manufacturer Volvo Cars following a ransomware attack carried out in late December. The data was put up for sale on a public hacker forum on December 31.

New shc-based Linux malware targeting systems with cryptocurrency miner (The Hacker News)

A new Linux malware developed using the shell script compiler (shc) has been observed deploying a cryptocurrency miner on compromised systems. shc allows shell scripts to be converted directly into binaries, offering protections against unauthorized source code modifications.

Europe's cybersecurity dance card is full (The Washington Post)

Europe has become a nucleus of cyber policymaking in recent months, taking action on software security and swift disclosure of major cyberattacks. Lorena Boix Alonso, the European Commission's top cybersecurity official, said the commission was already "very, very, very, very busy" over the last two years.

Understanding infrastructure-as-code risks in the cloud (DarkReading)

Infrastructure as code (IaC) has gained rapid popularity for its ability to automate the management and provisioning of IT infrastructure. But, like any technology, these gains aren't without some pain.