Top news stories this week
- Cyber diplomacy. Iranian threat actors target Israeli shipping and logistics firms, and separately GoldenJackal revealed to have been targeting Asian government entities since 2019.
- iSpoof. British national jailed for running multimillion-pound fraud website.
- Big game hunting. Rheinmetall AG and Capita fall prey to BlackBasta ransomware attacks.
- Imposter. Malicious software mimicking original packages found in open-source software NodeJS.
- Cyber espionage exposed. China-backed hackers breach critical infrastructure in US.
- Tricky business. Philadelphia Inquirer denies ownership of leaked data.
1. State-backed threat actors targeting shipping and logistics firms, and Asian government entities
Security researchers have attributed a series of targeted ‘watering hole’ attacks against Israeli shipping and logistics websites to an Iranian state-backed threat actor.
Separately, an Advanced Persistent Threat (APT) named GoldenJackal has reportedly carried out espionage activities against various Asian government agencies since 2019. The group, whose infection vectors are unknown, has maintained a low profile since inception to avoid detection.
So what?
APT attacks are sophisticated and carefully planned to evade security controls and avoid detection. Active threat hunting can help identify an intrusion.
2. Fraud website owner jailed in global fraud investigation
A British national has been jailed for running the multimillion-GBP fraud website iSpoof, following an international fraud investigation. The website allowed users to impersonate the phone numbers of major companies to defraud victims, with an estimate of 200,000 global victims and GBP 48 million stolen.
So what?
Cyber criminals can mask their identity in multiple ways. Before sharing sensitive information such as credit card or banking details, it is important to verify the authenticity of the request through a separate channel.
3. BlackBasta goes big game hunting
German automotive and arms manufacturer Rheinmetall AG confirmed a BlackBasta ransomware attack last week. While the attack left Rheinmetall's military operations unaffected, stolen data samples, including non-disclosure agreements and technical schematics were published on BlackBasta's leak site. Notorious for targeting high-profile entities, BlackBasta recently attacked ABB and Capita.
So what?
A robust threat intelligence programme should provide insights into the profiles of threat groups likely to target your organisation. This intelligence can be used to ensure organisations are adequately prepared to defend against their biggest threats.
4. Malicious package found in open-source software library NodeJS
Researchers have discovered malicious software packages in NodeJS libraries, an open-source software library used in multiple web applications. The malicious packages remained in the library for over two months, resulting in the deployment of trojan malware to victim systems.
So what?
Organisations that use open-source software libraries must review them on a regular basis for vulnerabilities and the risk they pose to the software supply chain.
5. Chinese cyber espionage campaign
Microsoft has warned that a Chinese espionage group named ‘Volt Typhoon’ has been targeting critical infrastructure organisations across the US since mid-2021. The group gains initial access by exploiting an unknown vulnerability in Fortinet FortiGuard devices. Microsoft assesses that Volt Typhoon's activities focus on intelligence gathering and espionage rather than immediate disruption.
So what?
Follow Microsoft and the National Security Agency’s guidance for mitigating and hunting the threat posed by Volt Typhoon.
6. Ransomware group challenged over Philadelphia inquirer attack
The Cuba ransomware group has claimed responsibility for the recent attack on the Philadelphia Inquirer. The threat group leaked information allegedly stolen from the attack, including balance sheets, financial documents, and source code. The newspaper has denied the authenticity of the leaked documents, resulting in the threat group deleting their post.
So what?
Cyber criminals can be unpredictable. Having a post-incident communication strategy will prepare you for managing public relations and reputation.