27 September 2024

UK rail stations suffer WiFi vandalism | Cyber Intelligence Briefing: 27 September

September 2024
Cyber Intelligence Briefing

Top news stories this week

  1. Off track. Wi-Fi log-in screen at UK railway stations vandalised to show Islamophobic messages.
  2. Cash crash. MoneyGram takes services offline due to cyber attack.
  3. About face. Telegram announces crackdown and cooperation with law enforcement.  
  4. Patch now. New Ivanti vulnerability being actively exploited in the wild.
  5. Compromised. Dell, Harvey Nichols, MC2 Data and the government of the Philippines suffer data breaches.
  6. Phish line cut. International law enforcement crackdown on major mobile phone scam network.

 

1. Rogue employee behind cyber-vandalism on Wi-Fi network at UK train stations 

A man has been arrested in connection with a cyber attack on the Wi-Fi networks of 19 major UK railway stations. Users attempting to connect to the public Wi-Fi were shown Islamophobic messaging about terrorist attacks before the service was shut down in response. In a statement, Telent, which manages the Wi-Fi service, confirmed that the incident was not the result of a network security breach, but an act of vandalism by a rogue employee.

So what?

It can be easy to assume that cyber incidents are caused by external attackers or due to system weaknesses, but it is important to investigate fully before drawing conclusions.

[Researcher: James Tytler] 


2. MoneyGram takes services offline due to cyber attack

The American peer-to-peer payment and money transfer giant MoneyGram confirmed it suffered a cyber attack and took systems offline in response, leaving customers unable to transfer or access their funds for several days. While services are back, details of the attack are limited, and to date no ransomware gang has claimed responsibility. MoneyGram is the world's second-largest money transfer company and processes significant amounts of personal and financial data.

So what?

It can be necessary to proactively shut down connectivity to respond to advanced network intrusions. Any containment plan should be weighed up against the risk of business interruption.

[Researcher: Milda Petraityte]


3. Telegram to increase cooperation with law enforcement

Telegram CEO and founder Pavel Durov has announced that the social media and messaging application will take a more proactive approach to content moderation. The company also announced it will provide users’ IP addresses and phone numbers to law enforcement. The policy follows Durov's arrest in France on 24th August, when he was accused of failing to curb illegal content on the platform.

So what?

S-RM has observed ransomware groups leaking stolen data on Telegram. Our threat intelligence team will monitor how criminals respond to the new policy.

[Researcher: Lena Krummeich]


4. New Ivanti vulnerability being actively exploited in the wild 

CISA has confirmed a new vulnerability in Ivanti Virtual Traffic Manager (vTM) appliances is being actively exploited in the wild. The vulnerability allows attackers to bypass authentication and create new administrator users. In response, Ivanti have recommended limiting access to the vTM management interface to internal networks.

So what?

It is important to implement a dedicated vulnerability management program to ensure you are protected against new threats.

[Researcher: David Broome]


5. Dell, Harvey Nichols, MC2 Data and the government of the Philippines suffer data breaches

The personal data of 100 million Americans and information on 28 million Filipino passport holders may have been exposed due to separate breaches at background checking firm MC2 Data and a Philippine government service provider, respectively.

Meanwhile, luxury British store Harvey Nichols confirmed it suffered a data breach affecting customers, and US technology company Dell is investigating a threat actor’s claims that it leaked the data of 10,000 employees.

So what?

Organisations should have clear policies, processes, and procedures, including staff education around the importance of safeguarding sensitive data.

[Researcher: Waithera Junghae]


6. International task force dismantles network unlocking stolen mobile phones

Europol-supported authorities in Europe and Latin America dismantled a global criminal network involved in unlocking stolen or lost mobile phones through phishing. The operation resulted in 17 arrests and the seizure of various items. The investigation identified over 1.2 million unlocked phones and 483,000 victims worldwide, primarily Spanish-speaking nationals from European and American countries.

So what?

See our briefing on the phone theft crisis for more information on how to secure mobile devices.

[Researcher: Lawrence Copson]

 

The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.
