Royal ransomware emerges as a major threat | Cyber Intelligence Briefing: 16 December

This is our final briefing for 2022. Following a two-week break for the festive period, we’ll be back with the next edition on 6 January 2023.

Top news stories this week

1. Coming for the crown. Royal ransomware emerges as a major threat. 
2. Operation 'Power Off'. International law enforcement takes down major DDoS-for-hire service. 
3. Nightmare before Christmas. Government organisations targeted in ransomware attacks. 
4. Vendor risk. Uber impacted again after security incident at third-party vendor. 
5. Change in strategy. Japan to legalise offensive cyber operations. 
6. Keep patching. Microsoft, Fortinet, and Citrix patch software vulnerabilities. 

1. Royal ransomware emerges as a major threat  

S-RM has observed a significant increase in attacks involving the Royal ransomware strain, which was first detected in early 2022. The ransomware partially encrypts files in a way that evades conventional anti-virus and defence mechanisms. Security researchers have also noted similarities with Conti’s ransomware. 

So what?

Threat actors seek to find novel techniques to compromise their victims. Adopting a multi-layered defence strategy that makes use of threat intelligence, employee training, and protection/detection security solutions will reduce the likelihood of a compromise.  

2. Major DDOS-for-hire platforms taken down 

Law enforcement agencies in the US and Europe have taken down 48 domains involved in selling distributed denial of service (DDoS) attacks. DDoS attacks flood target websites with malicious traffic to the point that they are unable to respond. One of the websites was used to carry out more than 30 million attacks according to Europol. 

So what?

While DDoS attacks are unsophisticated, they have a low barrier to entry for criminals and can have significant reputational and financial consequences. Consider implementing protective measures such as load balancers in your network to mitigate the impact.

3. Ransomware groups attack government organisations  

The ransomware group LockBit has claimed to have stolen 76 GB of data from the California Department of Finance. The department has confirmed it is responding to a cyber security incident. LockBit has set a deadline of 24 December to receive the ransom payment. 

Separately, the Play ransomware group has claimed responsibility for an attack on the Belgium city of Antwerp. The breach of the city’s IT provider Digipolis took place last week and caused disruptions to various IT, email, and telephone services throughout the city.

So what?

When public organisations are hit by ransomware, the knock on impact can be significant. Public-facing organisations should build resilience by investing in ransomware readiness assessments.

4. 77,000 employee details leaked in Uber data breach 

Uber has suffered its second data breach of the year after the details of over 77,000 employees were leaked on a dark web forum. The employee details were leaked after hackers reportedly gained access to Uber’s IT asset management providers.

So what?

A company is only as secure as its weakest link. Attackers often target an organisation’s third-party vendors in hope that poor security practices will grant access to the end target. Carrying out regular vendor assessments is one way to help mitigate this threat.

5. Japan plans for cyber operations

The Japanese government plans to amend its legislation to allow it to engage in offensive cyber operations against foreign hackers. These amendments will allow the government to retaliate during attacks against private sector companies and critical infrastructure.  

So what?

Sometimes the best defence is offence. Consider investing in penetration testing services to ensure your network perimeter is secured.