3 March 2023


TikTok banned on government devices in US, Canada, and EU | Cyber Intelligence Briefing: 3 March


 

Top news stories this week

  1. TikTok crackdown. US, Canada, and EU ban Chinese-owned social media app on government devices.
  2. Working from home. LastPass discloses source of data breach as engineer’s home computer.
  3. Under arrest. US Marshals Service hit by major ransomware incident.
  4. Bookworm. High street retailer WHSmith suffers data breach following a cyber attack.
  5. Young offenders. Dutch police arrest three hackers involved in sophisticated ransomware operation.
  6. Finish him! Mortal Kombat ransomware decryptor released. 

 

1. TikTok banned on government devices in US, Canada, and European Union

The European Commission has banned the Chinese-owned app TikTok from all corporate devices due to cyber security concerns. Canada has also banned the app on government-issued devices, and US federal agencies have been given 30 days to delete TikTok from all government-issued devices.

So what?

User data stored in applications can be monitored and potentially leveraged to conduct cyber attacks. Organisations should implement policies that prevent the use of applications with known data privacy issues on company devices.



 

 

2. LastPass reveals engineer's home computer as source of breach 

LastPass has confirmed that an earlier attack in August 2022 led to the second cyber attack it suffered in December. The threat actor targeted an engineer’s home computer, which had access to the company's shared cloud. The hacker deployed keylogger malware to capture the master password and then accessed sensitive resources such as database backups and encrypted password vaults.

So what?

Access to sensitive company resources should be limited to corporate devices, with security practices such as MFA and the principle of least privilege enforced. LastPass customers are also advised to change any passwords stored on the platform.

 


 

3. US federal law enforcement agency hit by ransomware

A ransomware attack on the US Marshals Service has resulted in the compromise of highly sensitive information, including law enforcement data and details of ongoing criminal investigations. The attack coincided with the Biden administration’s release of the new National Cyber Security strategy, which emphasises the need for greater coordination between federal agencies against cyber criminals.

So what?

To prepare for and minimise the impact of ransomware, it is recommended that all organisations, in both the public and private sectors, establish an incident response plan and test the availability of their backups.

 


 

4. High street retailer WHSmith victim of cyber attack

WHSmith, the high-street retailer, confirmed that a cyber attack this week led to the data of current and former employees being compromised. The company stated that the attack has not impacted customer details or financial data, which are stored on separate systems.

So what?

Network segmentation can mitigate the impact of an unauthorised intrusion. All organisations should adopt a defence-in-depth approach to security, eliminating single points of failure.

 
 

 


 

5. Dutch police arrest hackers

Dutch police have arrested three hackers for their role in a sophisticated data theft, extortion, and money laundering operation. The two-year-long investigation uncovered that the group extorted thousands of companies and stole data belonging to tens of millions of people. The group also sold data belonging to victims from whom they had already extorted a ransom.

So what?

It can take a long time for cyber criminals to be brought to justice. Victims of extortion should assume that any ransom payments will never be recovered.

 
 

 

6. Mortal Kombat ransomware decryptor released 

Security researchers have released a free decryptor for the Mortal Kombat ransomware. First detected in January 2023, this ransomware strain has primarily targeted systems in the United States. It is distributed via malicious emails with ZIP attachments.

So what?

The ransomware decryptor allows victims to recover their data without having to pay the ransom. However, the threat actor is still able to leak data as a secondary extortion method.  

 
 

Cyber Intelligence Briefing

The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.

To discuss this briefing or other industry developments, please reach out to one of our experts.
