Welcome to the Threat Landscape Update Report for March 2024.

In this report, we cover the latest developments in the cyber threat landscape, including updates on zero-day vulnerabilities, ransomware trends, and important highlights from the industry.

The March report covers:

  • Reports of political espionage by China, specifically the compromise of the UK Electoral Commission by Chinese state-sponsored attackers.
  • The FBI's report on the increase in ransomware attacks against critical infrastructure, with a significant rise in reported attacks and losses.
  • Notable IoT vulnerabilities, such as those in the Saflok RFID-based keycard locks and CVE-2019-7256 in the Nice Linear eMerge E3-Series operating system.
  • Disagreements between organizations in the cybersecurity industry regarding responsible disclosure practices and the effectiveness of detection and remediation tools.
  • Updates on the ransomware industry, including the closure of major players like BlackCat/ALPHV and the impact on the Ransomware as a Service industry.

These issues underscore the diverse and evolving nature of cybersecurity threats faced by organizations in March 2024.

  1. Political Espionage by China: The report highlights instances of political espionage by China, specifically mentioning the compromise of the UK Electoral Commission by Chinese state-sponsored attackers. This indicates a concerning trend of state-sponsored cyber attacks targeting critical government institutions, potentially for espionage or influence operations.
  2. Increase in Ransomware Attacks: The FBI's report reveals a significant increase in ransomware attacks against critical infrastructure. The statistics show an 18% rise in reported ransomware attacks compared to the previous year, with a 74% increase in losses due to these attacks. Of particular concern is the 37% increase in attacks against critical infrastructure organizations, underscoring the heightened risk faced by essential services and infrastructure.
  3. IoT Vulnerabilities: The report highlights significant vulnerabilities in IoT devices, such as the Saflok brand of RFID-based keycard locks used in millions of hotel doors worldwide. The slow patching process for these vulnerabilities poses a serious security risk, as only a fraction of affected locks have been updated so far. Additionally, the inclusion of CVE-2019-7256 in the Nice Linear eMerge E3-Series operating system further emphasizes the critical need for timely patching to prevent remote code execution attacks.
  4. Cybersecurity Industry Disagreements: The disagreements between cybersecurity organizations, such as JetBrains and Rapid7, over responsible disclosure practices, and the dispute between CISA and Ivanti regarding the effectiveness of detection and remediation tools, highlight internal challenges within the industry. These disagreements can impact collaboration and information sharing, potentially hindering collective efforts to combat cyber threats effectively.
  5. Ransomware Industry Updates: Recent developments in the ransomware industry, including the closure of major players like BlackCat/ALPHV and the subsequent crisis of trust within the Ransomware as a Service sector, demonstrate the dynamic nature of cyber threats. The exit scam carried out by BlackCat/ALPHV against their affiliates, coupled with the takedown of LockBit, underscores the ongoing battle between defenders and threat actors in the ransomware landscape.

Be Ahead of the Game!

Stay informed about the latest cybersecurity threats and trends by subscribing to WithSecure's monthly threat highlights report!

Our comprehensive report provides an overview of last month's cybersecurity news, the changing threat landscape, and relevant advice.
