The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.
Top news stories this week
- Ukraine suffers further cyber attacks. Critical infrastructure in Ukraine is targeted with DDoS attacks.
- Ransomware touchdown. A round-up of noteworthy incidents, including an attack against the San Francisco 49ers.
- Actively exploited. E-commerce and other widely used applications are vulnerable.
- Data exposure. An overview of several significant data breaches.
- Call for action. The EU data protection watchdog proposes a ban on Pegasus-like spyware.
- Optimism bug bounty. Optimism awards USD 2 million bug bounty to researcher.
1. Ukraine suffers further cyber attacks
Amid the ongoing Ukraine-Russia tensions, Ukraine’s defence ministry and two publicly-owned Ukrainian banks were targeted with distributed denial-of-service (DDoS) attacks on 15 February. These incidents follow cyber attacks against several other Ukrainian government agencies on 14 January resulting in the destruction of data and several government websites going offline.
Although the actors behind the recent attacks have not been definitively identified, the cyber security chief of Ukraine’s SBU intelligence agency pointed to Russia.
SO WHAT? Cyber attacks have become a central tool employed by state actors today. Although most state-orchestrated attacks target government organisations, private organisations providing key infrastructure may also be targeted.
2. Ransomware touchdown
- The NFL's San Francisco 49ers team was hit with a ransomware attack, causing significant disruption to their IT systems. The ransomware group Blackbyte claimed responsibility and began to publish data supposedly exfiltrated during the attack.
- Japanese sporting goods company Mizuno was also hit with a ransomware attack, resulting in telephone outages, delays in shipping goods, and website issues.
- Ransomware group BlackCat claimed responsibility for the recent ransomware attack against aviation services company Swissport International, which resulted in 22 delayed flights at Zurich airport. BlackCat further claimed that over 1.6 TB of data was exfiltrated during the attack.
SO WHAT? Prepare an incident response plan to guide your response to a cyber attack. It is also imperative that organisations practise their plans by conducting regular incident simulation exercises.
3. Actively exploited vulnerabilities to patch
- Adobe released a patch for an actively-exploited critical vulnerability in its Magento and Adobe Commerce e-commerce platforms that may be exploited by actors to install e-skimmers, tools that covertly harvest financial information of customers interacting with the affected e-commerce platform.
- Google released a collection of patches for vulnerabilities in its web browser Chrome, including one that is actively exploited.
- The US Cybersecurity and Infrastructure Security Agency (CISA) has added nine new vulnerabilities to its Known Exploited Vulnerabilities Catalogue, including the above actively-exploited vulnerabilities patched by Adobe and Google.
SO WHAT? Organisations should review whether any affected software is employed in their estate, and implement available patches as soon as possible.
4. Recent data breaches
- A cyber attack on Harbour Plaza hotels in Hong Kong resulted in the exposure of personal data of more than 1.2 million guests.
- A cyber attack on Croatian phone carrier A1 Hrvatska resulted in the exposure of personal data of around 200,000 customers. The exposed data included full names, physical addresses, telephone numbers, and personal identification numbers.
- A New South Wales government data set, containing more than 500,000 addresses, was accidentally exposed. Some of the exposed addresses were sensitive, including defence sites, a missile maintenance unit, and domestic violence shelters.
SO WHAT? Organisations must ensure they have a comprehensive data protection programme in place that covers external threat actors, malicious insiders, and unintentional insider actions.
5. The EU data protection watchdog proposes a ban on Pegasus-like spyware
The European Data Protection Supervisor (EDPS) called for an EU-wide ban on Pegasus-like software, a highly-advanced, military-grade commercial spyware capable of providing unrestricted access to targeted mobile devices. The call follows numerous discoveries of spyware targeting government officials, human rights activists, and journalists globally.
SO WHAT? This latest recommendation adds to the increasing pressure being placed on EU member states to crack down on surveillance technologies. However, with minimal regulations currently in place, organisations and individuals should take proactive security measures to defend against spyware.
6. Optimism pays out a USD 2 million bug bounty
Security researcher Jay Freeman has discovered a vulnerability in Optimism, a tool employed to make transactions involving the cryptocurrency Ether cheaper and faster. The vulnerability would have allowed an actor to effectively print an unlimited amount of Ether.
Optimism was quick to address the vulnerability and issued a substantial reward of USD 2 million for Freeman’s discovery and his help in addressing it.
SO WHAT? Implementing a bug bounty programme is a valuable proactive measure to identify and evaluate vulnerabilities affecting organisations. It may further protect against malicious attacks as those who identify a vulnerability may choose to disclose the information in exchange for the bounty, rather than exploit it.