26 July 2024


Criminals cash in on CrowdStrike outage | Cyber Intelligence Briefing: 26 July

Cyber criminals exploit CrowdStrike outage

Top news stories this week

  1. Hacklash. Cyber criminals cash in on CrowdStrike outage for phishing and malware delivery.
  2. Amber alert. NHS warns of ongoing blood shortage following ransomware attack.
  3. Going solo. Ransomware affiliates shun larger Ransomware-as-a-Service operations.
  4. Law & Order. UK and US take action against cyber criminals including MGM Resorts hacker.
  5. Blown over. US District Court dismisses major portion of SEC lawsuit against SolarWinds.
  6. Power off. UK and Spanish law enforcement target major DDoS platforms.
  7. Public sector. LA County courts suffer ransomware attack and Greek Land Registry suffers data breach.


1. Cyber criminals exploit CrowdStrike outage for phishing and malware delivery

In the aftermath of the global IT outage, CrowdStrike has warned about a number of phishing campaigns targeting customers in different regions, including with malware disguised as updates to its Falcon Sensor software. Last week’s outage has now been blamed on a bug in an internal testing tool, and is projected to cause losses of over USD 5.4 billion for US Fortune 500 companies.

So what?

Cyber criminals are quick to adapt to major news developments. Organisations should train employees to treat any unsolicited communications with caution, particularly if they reference topical events.

[Researcher: Milda Petraityte] 


2. NHS issues amber alert over blood shortages following ransomware attack on Synnovis

The NHS has imposed limits on the use of O-negative blood in hospitals amid shortages which have been exacerbated by a recent ransomware attack. Known as the universal blood type, O-negative is usually reserved for emergencies or when a patient’s blood type is unknown. Hospitals have been forced to dip into reserves after a ransomware attack on pathology services provider Synnovis prevented them from running tests.

So what?

Healthcare organisations should ensure they prioritise patient safety and emergency care provision in the case of system outages, but short-term disaster recovery plans are often not sustainable in the long run.

[Researcher: James Tytler]


3. Ransomware affiliates shun prolific Ransomware-as-a-Service operations

A threat assessment published by Europol has indicated that ransomware affiliates are increasingly turning away from prolific Ransomware-as-a-Service (RaaS) operations in favour of deploying independently developed ransomware using leaked builders. The report highlights recent law enforcement disruption and ransomware exit scams as instrumental in causing disillusionment with larger, more established groups.

So what?

The fragmentation of the RaaS ecosystem isn’t expected to lead to a decline in ransomware attacks but will result in an increase in the unpredictability of threat actor behaviour.

[Researcher: David Broome]


4. MGM Resorts hacker arrested as US sanctions Russian and North Korean cyber criminals

UK police have arrested a 17-year-old over his alleged involvement in the 2023 MGM Resorts ransomware attack carried out by hacking group Scattered Spider.

In the US, Russian nationals Ruslan Astamirov and Mikhail Vasiliev pleaded guilty to participating in ransomware attacks carried out by the disrupted ransomware group LockBit. The US also imposed sanctions on Yuliya Pankratova and Denis Degtyarenko, members of the Russian hacktivist group Cyber Army of Russia Reborn, for cyber attacks on US infrastructure, and on North Korean Rim Jong Hyok for carrying out ransomware attacks on hospitals.

So what?

These actions highlight ongoing coordinated efforts by countries to take down cyber criminals and their networks.

[Researcher: Waithera Junghae]


5. US District Court dismisses major portion of SEC lawsuit against SolarWinds

In a lawsuit filed in October, the Securities and Exchange Commission (SEC) had accused SolarWinds of misleading investors about its cyber security posture prior to the company’s breach in 2019, in addition to downplaying the attack’s severity after it occurred. All charges relating to statements made after the attack have now been dismissed due to anti-fraud laws not requiring companies to communicate publicly with “maximum specificity” following an attack.

So what?

This groundbreaking lawsuit will help publicly traded companies gain more clarity about how to deal with incident disclosure regulations.

[Researcher: Anna Tankovics]


6. British and Spanish authorities take down large-scale DDoS platforms

UK law enforcement, together with the PSNI and FBI, took down DigitalStress, a marketplace selling distributed denial of service (DDoS) attacks, which can take websites offline by overloading them with malicious traffic. Separately, Spanish authorities arrested three individuals for using DDoSia, a pro-Russian DDoS platform with over 13,000 users targeting 24 countries. Both actions are part of broader efforts to combat DDoS-for-hire services.

So what?

Despite global efforts and local law enforcement progress in combating DDoS marketplaces, DDoS remains one of the most common and disruptive cyber threats.

[Researcher: Amy Gregan]


7. Los Angeles court system and Greek Land Registry hit by cyber attacks

Los Angeles County courts suffered a ransomware incident, which affected all 36 courthouses in the county and triggered a halt in inmate transfers. The Superior Court of Los Angeles County is the largest trial court in the United States. In Greece, the Land Registry agency suffered a data breach after 1.2 GB of data was exfiltrated. The stolen data did not include any personal information about citizens.

So what?

Cyber attacks on critical infrastructure can have a significant impact beyond financial loss.

[Researcher: Lena Krummeich]


The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.
