Cyber Security Headlines Week in Review: Royal ransomware warning, water system warning, cloud exploitation rising

This week’s Cyber Security Headlines – Week in Review, March 6-10, is hosted by Rich Stroffolino with our guest, Nick Espinosa, Host, The Deep Dive Radio Show (Daily Podcast & Daily Videos)

Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at

U.S. Government warns of Royal ransomware attacks against critical infrastructure

CISA issued an advisory on Thursday warning of an increased threat posed by Royal ransomware. This is the second warning the U.S. government has issued about Royal ransomware in recent months. In December, the U.S. Department of Health and Human Services (HHS) warned hospitals and organizations in the healthcare sector to stay on alert for Royal ransomware attacks. In this bulletin, CISA states, “Royal ransomware attacks have spread across numerous critical infrastructure sectors including, but not limited to, manufacturing, communications, healthcare and public healthcare (HPH), and education,” and it encourages network defenders to review their ransomware advisories and apply the included mitigations.


EPA releases cybersecurity notice for water systems

The US Environmental Protection Agency released an advisory warning that water systems in the US are increasingly vulnerable to cyberattacks. This comes from both cybercriminal and state-affiliated actors. The Biden administration announced it would make it mandatory for states to conduct security audits on their water systems. The EPA already released guides to security audits for these systems, and will provide technical support for future assessments. The advisory also included public disclosure of three recent ransomware attacks on water systems in California, Maine, and Nevada. This included one where threat actors compromised a system used to control SCADA industrial controls. 

(Security Affairs)

Cloud exploitation on the rise

A new report from CrowdStrike found overall cloud exploitation against organizations increased 95% on the year, with cases involving “cloud-conscious” threat actors nearly tripling. The report also confirmed recent findings that attackers continue to increase efficiency, with breakout time down 15% on the year to just 84 minutes, and found that 71% of attacks were malware-free. Unsurprisingly, the report found that social engineering tactics also increased on the year, particularly those aimed at getting around SMS-based multifactor authentication with things like SIM swapping.

(Security Magazine)

Bipartisan bill allows for US ban of TikTok

On Tuesday, US senators introduced bipartisan legislation, called the RESTRICT Act, that would give the Commerce Department the ability to ban foreign technology deemed a national security risk. National Security Agency Director Paul Nakasone expressed concerns about TikTok collecting personal data of US citizens and potentially carrying out influence operations. TikTok spokeswoman Brooke Oberwetter said that the RESTRICT Act was unneeded because the White House can simply approve the deal that it has been negotiating with the company for over two years. She added, “A U.S. ban on TikTok is a ban on the export of American culture and values to the billion-plus people who use our service worldwide.”

(The Record)

Thanks to today’s episode sponsor, Packetlabs

Trust the ethical hackers at Packetlabs for expert penetration testing services. Our certified professionals specialize in strengthening your security posture. Download our free Penetration Testing Buyers Guide at and get the top 20 questions to ask third party vendors before hiring them. Let us guide you through the process and help you find the perfect match for your organization’s security needs.

Cybersecurity leaders are stressed about email security

According to the 2023 Email Security Risk Report from Egress, 91% of the cybersecurity leaders said that company data has been leaked externally by email. The top three causes of the leaks were reckless employee behavior, human error, and intentional data exfiltration. Forty-eight percent of leaks resulted in employees exiting the organization and 49% suffered financial losses due to customer churn. The report also revealed that 86% of surveyed organizations were impacted by phishing emails, with 85% reporting that such attacks resulted in a successful account takeover. Forty percent of phishing incidents resulted in employees exiting the organization. Finally, over 95% of cybersecurity leaders are frustrated with the limited effectiveness of both their secure email gateway and security awareness and training programs. The report ultimately highlights that advanced email security is a necessity for everyday business. 

(Dark Reading)

Biden’s budget seeks increase in cybersecurity spending

President Biden’s budget proposal for fiscal year 2023 calls for wide-ranging investments to boost the cybersecurity resilience of the U.S. government and to implement his recently released cyber strategy, which calls for a whole-of-government approach to boosting U.S. digital defenses. CISA would get a total of $3.1 billion, an increase of $145 million compared to last year. That includes $98 million to implement the Cyber Incident Reporting for Critical Infrastructure Act and $425 million to improve internal cybersecurity and analytical capabilities. With Republicans in control of the House of Representatives, Biden’s budget has no chance of being passed into law. Instead, the proposal released Thursday represents a signaling document ahead of what is likely to be a bitter negotiation between Republicans and Democrats over government spending levels.


The impact of AI-tools on email attacks

The security firm Darktrace reports it has seen an increase in threat actors using artificial intelligence tools to operate sophisticated scams and operations since the general release of OpenAI’s ChatGPT. While the number of email attacks against its clients has remained consistent since then, it saw a decrease in emails attempting to get users to click on malicious links, while the linguistic complexity of malicious messages increased. Darktrace did not see these tools lowering the bar of entry for new threat actors; rather, it seems existing actors are shifting tactics to use them.

(The Guardian)