
Cyber Intelligence Briefing: 18 November 2022

Miles Arkwright, James Tytler 18 November 2022

CYBER SECURITY INSIGHTS REPORT 2022

We reveal the challenges faced by C-suite professionals and senior IT leaders across three key areas of cyber security – budgets, incidents and insurance.


The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.


Top news stories this week

  1. To pay or not to pay? Australia considers making ransom payments to cyber criminals illegal.
  2. Twitter 2FA meltdown. SMS-based authentication briefly goes offline.
  3. Burn after reading. Football fans advised to bring burner phones to Qatar to avoid spyware.
  4. Caught out. Iranian hackers access US government network through unpatched Log4Shell vulnerability.
  5. Hushpuppi silenced. Nigerian influencer and cyber criminal sentenced to 11 years in US prison.
  6. Weak link. Thales traces LockBit data leak to partner account.

1. AUSTRALIA CONSIDERS BAN ON RANSOMWARE PAYMENTS

 

This week, Australia’s Home Affairs Minister Clare O’Neil announced that her government was considering making the payment of ransoms to cyber criminals illegal. The suggestion is a response to recent cyber attacks affecting millions of Australians and is aimed at stripping cyber criminals of the financial incentive.

 

 SO WHAT?

Making ransom payments is not explicitly illegal in most jurisdictions, but international sanctions and terrorist financing regulations should be considered. Ransomware victims must carefully assess the value of the data that was breached against the potential legal, ethical, and reputational implications of making a ransom payment.

 

 


 

2. CONFUSION OVER TWITTER’S SMS-BASED TWO FACTOR AUTHENTICATION

 

Earlier this week, Twitter users reported they were not receiving SMS authentication codes for two-factor authentication (2FA) and were being locked out of their accounts. Twitter’s new owner, Elon Musk, appeared to have suspended the service, which was later reinstated.

Separately, security researchers have now identified a vulnerability in Twitter’s SMS-based 2FA which could enable hackers to take over user accounts.

 

SO WHAT?

Two-factor authentication is a valuable security measure but it is far from a silver bullet. Organisations should adopt a defence-in-depth approach to their security, and consider app-based or token-based forms of authentication as SMS-based methods can be exploited.

 

 

3. SPYWARE WARNING AT QATAR WORLD CUP

 

European data protection agencies have expressed concerns over two mobile apps which all foreign visitors to Qatar will be required to download. French, Norwegian, and German authorities are alarmed at the permissions the apps require, which would allow for data collection and communications monitoring. Visitors have been advised to either install the apps on burner phones or delete them as soon as they return home.

 

 SO WHAT?

Bringing a corporate mobile device to a foreign country can pose security risks. When travelling, only connect to secure Wi-Fi networks and avoid online connections to services that require authentication, where possible.

 

 

4. IRANIAN HACKERS COMPROMISE UNPATCHED US GOVERNMENT NETWORK

 

The US Cybersecurity and Infrastructure Security Agency has revealed that Iranian state-linked hackers gained access to an unnamed federal government system last July by exploiting the widely reported Log4Shell vulnerability on an unpatched server. Log4Shell was discovered in November 2021, and led to a wave of ransomware attacks. The patch was released in December 2021.


SO WHAT?

Timely patch management is a challenging but essential task for all organisations. Failure to implement patches in a reasonable time frame may have implications for insurance coverage and legal liability in the event of a breach. 

 

 

5. INFLUENCER AND CYBER CRIMINAL SENTENCED

 

Nigerian cyber criminal Ramon Abbas, dubbed Hushpuppi, has been sentenced to over 11 years in US federal prison after laundering the proceeds of multiple business email compromise frauds and other online scams. Abbas used fake invoices to convince his victims to transfer money to him, funding the lavish lifestyle he advertised across social media channels.

 

SO WHAT?

Business email compromise scams largely rely on social engineering and are designed to trick users by appearing trustworthy. Organisations should complement technical email security measures, such as anti-spoofing controls, with routine user training to help staff identify phishing attempts.

 

 

6. THALES TRACES LOCKBIT DATA LEAK TO PARTNER ACCOUNT

 

9.5 gigabytes of data relating to French security and technology firm Thales has been posted on LockBit’s leak site. After denying claims of a breach to their network, Thales identified that the data had been exfiltrated from a partner account on a shared portal.

 

SO WHAT?

Organisations should consider the risks posed by third parties when assessing their cyber resilience. Understanding where company data is stored, and how that data can be accessed, are important considerations when assessing third-party risk.

 

 


To discuss this article or other industry developments, please reach out to one of our experts.

Miles Arkwright, Associate, Cyber Security
James Tytler, Senior Analyst, Cyber Security
