6 September 2024


Transport for London hit by cyber attack | Cyber Intelligence Briefing: 6 September


Top news stories this week

  1. Mind the gap. Transport for London suffers ongoing cyber attack.
  2. Big hitter. RansomHub hit over 200 victims in just six months.
  3. Made in China? Researchers spot a novel cyber attack targeting China.
  4. Wrong report. Security researcher sued for neglect after disclosing sensitive stolen information.
  5. Grounded. German air traffic control hit by cyber attack.
  6. Crossed out. Social media platform X told to stop using European data for its Grok AI bot.


 

1. London’s transport authority investigates an ongoing cyberattack 

Transport for London (TfL), London’s transport authority, has reported it is investigating an ongoing cyber attack. Confined to the administrative functions in TfL’s headquarters, the attack is not impacting travel services and TfL reports that customer data is unaffected.

So what?

Despite the seemingly low-impact nature of the attack on TfL, the reputational scrutiny that high-profile organisations face during any incident requires timely and accurate communication.

[Researcher: Adelaide Parker] 


2. RansomHub hits over 200 targets despite only appearing in February

RansomHub is rapidly becoming a major group in the ransomware ecosystem, hitting over 200 targets since it first emerged in February this year. While primarily targeting entities in the US, it has also impacted critical infrastructure organisations across Brazil, the UK, and other European countries.

Separately, S-RM has observed affiliates transitioning from other notorious ransomware-as-a-service (RaaS) groups, such as BlackCat, to RansomHub, likely improving the technical capabilities of the group.

So what?

It is essential to gather threat intelligence to inform your engagement strategy during a ransomware incident.

[Researcher: Lena Krummeich]


3. Novel attack on Windows reportedly running from and targeting China

Researchers have uncovered a campaign targeting Chinese-speaking Windows users with Cobalt Strike payloads, a tool typically used by attackers to infiltrate IT systems. The attack, which is reportedly delivered via phishing email, masquerades as legitimate licensing and activation software. While the attacker’s identity remains unknown, the infrastructure used originates from within China. 

So what?

The threat landscape is constantly evolving. It’s important for organisations to continually monitor and adapt security processes to keep pace.

[Researcher: Rosie McKeown]


4. Security researchers fear legal consequences after interfering with stolen data

The City of Columbus has sued a security researcher for allegedly downloading and sharing stolen data that the Rhysida gang leaked when their extortion attempt against the city failed earlier this year. The researcher informed local media about the stolen data, which included sensitive information such as Social Security numbers.

So what?

While this legal move could deter researchers from investigating breaches, it underscores the importance of responsible disclosure practices and close collaboration with authorities.

[Researcher: Lena Krummeich]


5. German air traffic control hit by cyber incident

German air traffic control has been the victim of a cyber attack, but the agency gave assurances that air traffic remained unaffected. The responsible threat group remains unconfirmed, but speculation suggests that a group linked to Russian military intelligence (GRU) is involved.

So what?

Critical infrastructure remains an attractive target for cyber criminals who seek operational disruption as a point of leverage. Organisations should employ redundancy measures across critical assets to minimise the operational impact of an incident.

[Researcher: Lena Krummeich]


6. Social media platform X agrees to stop using European data to train AI bot

The European data watchdog, the Data Protection Commission (DPC), closed proceedings against X after the social media giant agreed to cease using European user data to feed into its Grok AI chatbot. This is the first time that the DPC has used its power to stop troubling data practices.

So what?

As companies race to leverage AI technology in their operations, it is crucial to understand the regulatory landscape in each operating region and conduct readiness assessments to avoid non-compliance.

[Researcher: Rosie McKeown]

 


The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.
