Top news stories this week
- Breached. Google confirms Iran hack on US presidential campaigns as FBI investigates.
- Scammed. USD 60 million stolen from Orion in business email compromise scam.
- Dispossessed. International law enforcement operations see takedown of ransomware operators.
- Consensus. UN committee unanimously agrees on controversial cybercrime treaty.
- Patching spree. Microsoft, SolarWinds, and Ivanti release patches for critical vulnerabilities.
- Cyber attacks. Australian mining company and Swiss manufacturer suffer breaches.
1. Google confirms Iran hack on US presidential campaigns as FBI investigates
The FBI is investigating claims that hackers stole sensitive documents from Donald Trump's presidential campaign, days after the former president said the campaign had been hacked by Iran.
The news follows a report from Google’s Threat Analysis Group which highlights the efforts of an Iranian state-backed threat actor, tracked as APT42, to target the Trump and Biden-Harris campaigns as part of a broader email phishing operation.
So What?
State-backed hackers such as APT42 will continue to target US presidential campaigns as the election draws closer.
To discuss the potential influence of cyber threat actors on the upcoming US election in more detail, reach out to Paul Caron, S-RM's Head of Cyber Security, Americas.
[Researcher: Waithera Junghae]
2. USD 60 million stolen from Orion in business email compromise scam
Luxembourg-based carbon black supplier Orion has revealed it was a victim of a business email compromise scam, which saw USD 60 million stolen from its accounts. The company said an Orion non-executive employee was tricked into making multiple payments to accounts controlled by scammers.
So what?
While fraudsters are employing scamming techniques that are increasingly targeted, well-crafted and therefore difficult to spot, organisations should adopt additional verification steps for transactions and require dual authorisation for all significant financial payments.
[Researcher: Milda Petraityte]
3. International operation brings down Radar/Dispossessor as US brings charges against creator of first ever RaaS
The FBI has taken control of the servers and websites belonging to the Radar/Dispossessor ransomware operation as part of a joint operation with the UK National Crime Agency (NCA) and other law enforcement authorities.
Separately, the US charged 38 year old Maksim Silnikau, a Belarusian-Ukrainian cyber criminal, with multiple offences including operating Ransom Cartel and creating the first ever ransomware-as-a-service (RaaS) Reveton ransomware in 2011. The NCA, which helped build the case against Silnikau, announced it had been investigating him since 2015 prior to his arrest in Spain last year.
So what?
Law enforcement efforts to combat cybercrime often demand international coordination as well as extensive time and resources to yield results.
[Researcher: Lawrence Copson]
4. UN committee agrees on cybercrime treaty despite human rights concerns
The UN Ad Hoc Committee on Cybercrime unanimously reached an agreement on a cybercrime treaty initially proposed by Russia, ending nearly three years of negotiations. The treaty, which has faced widespread criticism for not addressing human rights issues, will next be put to a vote at the UN General Assembly and will be ratified if approved by the majority.
SO WHAT?
Reaching consensus on a cybercrime treaty is a significant milestone. However, it remains to be seen what the real world impact will be if the treaty is ratified.
[Researcher: Lena Krummeich]
5. Multiple critical vulnerabilities addressed by Microsoft, SolarWinds, and Ivanti
Microsoft has released patches for 90 flaws in its August edition of Patch Tuesday, including nine critical vulnerabilities. One of which is a remote code execution vulnerability that could be exploited by an unauthenticated attacker repeatedly sending crafted IPv6 packets.
Separately, SolarWinds has addressed a critical issue with its Help Desk Solution that could allow remote code execution. In addition, Ivanti alerts its customers to a severe authentication bypass vulnerability affecting its Virtual Traffic Manager that can allow attackers to create administrator accounts.
SO WHAT?
Patching critical vulnerabilities should be performed in a timely manner, ideally within a 48 hour window as best practice stipulates, to avoid being at risk of an attack.
[Researcher: Adelaide Parker]
6. Evolution Mining and Schlatter Industries suffer cyber attacks
Australian gold mining company Evolution Mining has reported a ransomware incident impacting its IT systems. The company stated that the attack has been contained and they do not believe it will materially impact operations. No ransomware group has claimed responsibility for the attack.
Separately, Schlatter Industries has declared it fell victim to an unspecified cyber attack. The group took measures to immediately limit the damage and investigations are still ongoing to determine whether data was exfiltrated.
So what?
A ransomware tabletop exercise is vital for organisations to minimise disruptions by testing response plans, identifying weaknesses, and enhancing overall preparedness against potential cyber attacks.
[Researcher: Jon Seland]