Cyber Intelligence Briefing: 14 October 2022

Miles Arkwright, James Tytler 14 October 2022


The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.


TOP NEWS STORIES THIS WEEK

  1. Killnet strikes. Russian group claims DDoS attacks on major US airports.
  2. BidenCash bonanza. Huge repository of credit card data leaked for free on new dark web market.
  3. The rise of drone-based Wi-Fi attacks. Modified drone used in network snooping attack.
  4. Toyota own goal. Access key to database left unprotected on GitHub for five years.
  5. Biden’s cyber security labels. White House proposes new voluntary cyber security labels for IoT manufacturers.
  6. Time to patch! Microsoft releases patches for 84 flaws, including two zero-day vulnerabilities.

1. KILLNET STRIKES

Pro-Russia hacktivist group Killnet has claimed responsibility for several large-scale DDoS attacks on more than a dozen major US airports. Airport websites across the country, including Los Angeles International and Atlanta Hartsfield-Jackson, were taken offline, restricting access to flight updates and booking of airport services. The attacks did not impact flight operations, with all airports remaining functional.

In a separate incident, Killnet claimed responsibility for an attack on JPMorgan Chase. The bank has refuted these claims.

 

SO WHAT?

Organisations often suffer reputational damage after a DDoS attack. Carrying out regular reviews of your internet service provider’s denial of service protections, and implementing web application firewalls, where applicable, will help reduce the impact of a DDoS attack.

 

 

2. BIDENCASH BONANZA

BidenCash, a dark web marketplace launched in June 2022, has published over 1.2 million credit card details as a promotional exercise, allowing anyone to download them for free. The leak includes card numbers, expiration dates, and CVV numbers, as well as more sensitive information such as social security numbers and home addresses.  

 

SO WHAT?

Data dumps of this size often include recycled or fake data. Nevertheless, this case still emphasises the importance of regular dark web monitoring, as organisations that identify this type of activity early can move quickly to mitigate the impact.

 

 

3. THE RISE OF DRONE-BASED WI-FI ATTACKS  

A security researcher has reported an incident in which an adversary used a modified drone to infiltrate the wireless network of a US-based financial institution. The drone was discovered on the roof of the building, outfitted with network penetration tools.

The drone intercepted an employee’s credentials that were later used in an attempt to access further credentials stored on the internal network. Quick action by incident responders shielded the network from further exposure. 

 

SO WHAT?

Organisations should monitor for unrecognised devices connecting to their networks. Having a well-documented inventory of devices can help, but it could also be worthwhile to periodically scan the roof for drones!

 

 

4. TOYOTA CUSTOMER DATA EXPOSED FOR FIVE YEARS 

Toyota has disclosed that it suffered a data breach after a third-party contractor left a sensitive access key exposed on the public code repository GitHub. The key was accessible for five years until access to the repository was made private last month, potentially allowing threat actors to access personal data of almost 300,000 customers. 

 

SO WHAT?

Plaintext credentials left in source code pose a significant security risk and are often exploited by attackers. Organisations should ensure that their subcontractors follow credential management best practice when handling sensitive data within applications.

 

 

5. CYBER SECURITY LABELS FOR INTERNET OF THINGS DEVICES 

The Biden Administration has announced plans for a cyber security labelling programme, which it hopes will improve digital safeguards on internet of things (IoT) devices. The standards under consideration include ratings on how often a manufacturer deploys patches, as well as whether devices are connecting to the internet without a password. The European Union announced similar legislation last month, aimed at reducing common vulnerabilities and attack vectors. 

 

SO WHAT?

Given the proliferation of IoT devices, it is imperative that organisations understand the vulnerabilities most commonly associated with them to ensure they do not become unexpected attack surfaces.

 

 

6. PATCH TUESDAY

For October’s Patch Tuesday, Microsoft has released fixes for 84 flaws. This includes an actively exploited zero-day vulnerability (CVE-2022-41033), which allows threat actors to obtain elevated privileges on vulnerable devices. However, the two Microsoft Exchange zero-day vulnerabilities, dubbed ProxyNotShell, which we discussed in last week’s edition, remain unpatched.

Separately, a recently fixed authentication bypass security bug, affecting a number of Fortinet products, is now being actively exploited in the wild.

 

SO WHAT?

Organisations should review whether any affected software is employed in their estate and, if so, implement available patches as soon as possible.

 

To discuss this article or other industry developments, please reach out to one of our experts.

Miles Arkwright, Senior Analyst, Cyber Security
James Tytler, Senior Analyst, Cyber Security
