
Cyber Intelligence Briefing: 10 June 2022

Roddy Priestley, Miles Arkwright 10 June 2022

INVESTING IN CYBER RESILIENCE: SPEND, STRATEGY, AND THE SEARCH FOR VALUE

Today's fast-changing threat landscape puts increased pressure on companies to make the right investment choices and improve their cyber resilience. For this report, S-RM surveyed 600 senior leaders and IT decision makers to discover which cyber investment areas provide the best value for money and what savings result from investing in cyber security.


The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.


TOP NEWS STORIES THIS WEEK

  1. Follina zero-day. Windows critical zero-day actively exploited across industries.
  2. Shields down. Data breach at Shields Healthcare Group impacts over two million customers.
  3. Chinese espionage. Telecommunications organisations targeted by Chinese-backed hackers.
  4. Palermo cyber attack. Italian city of Palermo shuts down all public systems following cyber attack.
  5. Don’t dwell on it. Study finds increased threat actor dwell time in the networks of smaller organisations.


1. FOLLINA ZERO-DAY EXPLOITED

Attackers are exploiting the Windows zero-day vulnerability Follina to deliver the infostealing Qbot malware. The attackers are circulating phishing emails that contain a malicious HTML file, which, if opened, will deploy the Qbot malware and grant the threat actor remote access to the victim’s machine.

Microsoft are yet to patch Follina, but have released guidance on preventing exploitation.


SO WHAT?

As Microsoft are yet to release a patch, it is vital that employees do not open unrecognised email attachments, particularly from untrusted sources. Until the vulnerability has been patched, we recommend applying Microsoft’s guidance as a short-term fix. Indicators of compromise can also be found here.


2. DATA BREACH AT SHIELDS HEALTHCARE GROUP

Medical services provider Shields Healthcare Group has confirmed they suffered a data breach that affected around two million people and over 50 health care facilities in the United States. Threat actors were able to access data that included social security numbers, addresses, and medical records. Threat actors could use this sensitive information for social engineering and extortion attacks.

Those affected by the data breach have been informed by Shields Healthcare Group.


SO WHAT?

Data breaches of this volume can have significant financial and reputational consequences, as well as legal and regulatory ones. Organisations should ensure they follow data management best practice. This includes knowing where your data is located, securing your data appropriately, and destroying data when it is no longer needed.


3. CHINESE ESPIONAGE AGAINST GLOBAL TELCOS

US federal agencies have announced that Chinese-backed hackers have targeted global telecommunications companies and network service providers by exploiting publicly known network vulnerabilities. Upon infiltrating an organisation’s environment, the hackers are identifying critical users to acquire their credentials and steal sensitive data.


SO WHAT?

Organisations are advised to apply security patches as soon as possible, disable unnecessary ports, and replace end-of-life network infrastructure.


4. PALERMO SUFFERS CYBER ATTACK

The Italian municipality of Palermo has taken all public services and websites offline following a cyber attack last week. The affected systems reportedly include the city’s police center, administration website, and the entirety of the municipal services. The nature of the attack is unconfirmed, but reports indicate it is ransomware.


SO WHAT?

Cyber attacks can cause significant business interruptions. Organisations should conduct a business impact analysis to predict the consequences of a cyber attack, and the measures required to restore usual business operations.


5. DON’T DWELL ON IT, EMPLOY THREAT DETECTION

Researchers found that threat actors often dwell in the networks of small organisations (up to 250 employees) for up to 51 days on average, whilst remaining in the networks of larger organisations (3,000 – 5,000 employees) for 20 days. This is likely because smaller organisations generally have less mature cyber security practices, making it easier for threat actors to discreetly move laterally, elevate privileges, and access sensitive resources.


SO WHAT?

Organisations can reduce dwell time by employing threat detection capabilities. This includes collecting data from security events across the network, understanding usual network traffic patterns, and having an endpoint threat detection solution to identify malicious events on user machines.



To discuss this article or other industry developments, please reach out to one of our experts.

Roddy Priestley, Director, Cyber Security
Miles Arkwright, Senior Analyst, Cyber Security

CYBER SECURITY INSIGHTS REPORT 2022

We reveal the challenges faced by C-suite professionals and senior IT leaders across three key areas of cyber security – budgets, incidents and insurance.
