The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.
top NEWS stories this week
- Cyber security culture. S-RM discusses how your organisation can build a strong cyber security culture.
- Under attack. KP Snacks, Swissport International, and Puma feel the effects of ransomware.
- Tech firms get proactive. Google and Microsoft deploy proactive security measures to protect users.
- BlackCat origins. The BlackCat ransomware group confirms BlackMatter and DarkSide links.
- Equifax settles. Equifax reaches a settlement agreement with US regulators.
- SIM swapping attacks. The FBI warns of SIM swapping attacks.
- Patch time! Key patches for this month, including Microsoft’s February 2022 Patch Tuesday.
1. Building a cyber security culture
Developing a strong cyber security culture is a critical part of an organisation’s security programme. This week, S-RM published a deep dive on how members of the C-Suite can improve their company’s security culture. The full article can be found here.2. The cost of cyber attacks
- Attackers targeted British food producer KP Snacks with a ransomware attack that significantly disrupted its IT systems, leaving the organisation unable to process orders or dispatch goods.
- A ransomware attack targeted and disrupted the IT systems belonging to the aviation services provider, Swissport International. As a result, 22 flights at Zurich airport were delayed.
- Sportswear manufacturer Puma suffered a data breach following the December 2021 ransomware attack on Kronos, its human resources management service provider. More than 6,000 individuals had their data exposed, including social security numbers.
|
SO WHAT? There are many kinds of costs associated with a ransomware attack, including operational down-time, reputational costs, legal costs, regulatory costs, and accreditation losses. Organisations must ensure that they implement a comprehensive security programme to reduce the likelihood of ever having to face them.
|
3. Tech firms take proactive security steps
- Google automatically enrolled over 150 million users and two million YouTube content creators in its multi-factor authentication (MFA) protocol. Since the enrollment, Google has witnessed a 50% decrease in account compromises compared to those without MFA.
- Microsoft adjusted the default settings of five Office products, including Word, Excel, and Powerpoint, so that certain macros obtained from the internet are prevented from running.
|
SO WHAT? Although these are reassuring moves by Google and Microsoft, organisations should not rely on third parties to handle their security protocols for them. Enforcing MFA should be a building block of any organisation’s security programme.
|
4. BlackCat ransomware confirms BlackMatter, DarkSide links
Ransomware group BlackCat confirmed that they contain previous affiliates of DarkSide, later known as BlackMatter, a prolific ransomware operation known for last year’s Colonial Pipeline cyber attack which hit critical national infrastructure and restricted the transport of fuel.
|
SO WHAT? This highlights how difficult it is to permanently disable cybercriminal threats. Even if a ransomware group disbands, it is common for its alumni to form new organisations, bringing many of the previous group’s tools and knowledge base with them.
|
5. Equifax finalises its settlement
Equifax, a credit reference agency, has finalised a settlement with US authorities in relation to its infamous 2017 data breach that impacted over 147 million US citizens and 15 million UK citizens. The settlement includes funds of USD 425 million to aid private individuals affected by the breach.
|
SO WHAT? Organisations should review whether any affected operating system or software is employed in their estate, and implement available patches as soon as possible.
|
6. Cyber attack impacts German fuel supplies
The FBI has warned of a significant increase in the number of SIM swapping attacks. In such an attack, a threat actor social engineers or bribes a mobile phone service provider to redirect communications destined for an individual’s SIM to a SIM owned by the actor instead. The actor is then often able to access online accounts owned by the victim by bypassing SMS-based MFA requests.
|
SO WHAT? Individuals should ensure that personal information, such as mobile phone numbers, is only publicly advertised where necessary. Leveraging an app-based MFA solution instead of SMS will also help limit the impact of this prevalent trend.
|
7. Patch Time!
Microsoft’s February Patch Tuesday update addresses 51 vulnerabilities, 50 of which are marked as important. Surprisingly, no critical vulnerabilities were addressed, a rare occurrence.
Adobe’s February security update addresses 17 vulnerabilities across Illustrator, Photoshop, After Effects, Premiere Rush, and Creative Cloud Desktop. Five of these are marked as critical.
|
SO WHAT? It is vital that organistions understand what software is being employed across their estate, and that they stay alert for any news of vulnerabilities or patches relating to that software. As always, Microsoft’s patch updates can be found here.
|
Email Joseph
@SRMInform
S-RM
hello@s-rminform.com
S-RM YouTube
