header image

Cyber Intelligence Briefing: 19 August 2022

James Tytler, Roddy Priestley 19 August 2022
19 August 2022    James Tytler, Roddy Priestley

INVESTING IN CYBER RESILIENCE: SPEND, STRATEGY, AND THE SEARCH FOR VALUE

Today's fast-changing threat landscape puts increased pressure on companies to make the right investment choices and improve their cyber resilience. For this report, S-RM surveyed 600 senior leaders and IT decision makers to discover which cyber investment areas provide the best value for money and what savings result from investing in cyber security.

Download Report

The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.


top NEWS stories this week

  1. Water supplier springs a leak. Clop claims responsibility for ransomware attack on wrong water company. 

  2. Court adjourned. Argentina’s Judiciary of Córdoba hit by ransomware.  

  3. Suspects revealed and arrested. Tornado Cash suspect arrested and US government reveals identity of suspected Conti member. 

  4. Phishing threats. Microsoft warns of Russia-linked phishing campaigns whilst attackers turn to hybrid vishing attacks.  

  5. It wasn’t me! AT&T denies it is the source of substantial data leak and points finger at credit agency. 

  6. Starlink hacked. International satellite-based internet provider hacked at Black Hat 2022 conference.   


1. MISTAKEN IDENTITY IN RANSOMWARE ATTACK ON UK WATER SUPPLIER 

The ransomware group Clop has leaked sensitive data belonging to South Staffordshire Water, including screenshots of industrial control systems, on its dark web site. Clop initially believed it had gained access to Thames Water’s systems and leaked the data after negotiations over a ransom payment broke down. South Staffordshire Water has acknowledged the breach and denied that it caused any interruption to water distribution.  

 

SO WHAT?

The potential disruption resulting from a successful cyber attack on critical infrastructure is considerable. The apparent access to operational systems in this attack is concerning, but Clop’s misattribution of its victim shows that while cyber criminals are dangerous, they can also be sloppy. 

 

 

2. ARGENTINIAN COURT SENT BACK TO PEN AND PAPER BY RANSOMWARE 

A high court in Argentina, the Poder Judicial de Córdoba, has been hit by a PLAY ransomware attack.  The attack, which occurred on 13 August, forced the court to shut down its IT systems and online portal. It has been reported that official documents were being submitted manually using pen and paper.  

 

         

SO WHAT?

Organisations must have a robust and up-to-date contingency plan for maintaining critical services in the event of a cyber attack.   

 

 

3. CYBER CRIME SUSPECTS REVEALED AND ARRESTED 

Authorities in the Netherlands arrested one of the developers of Tornado Cash, a cryptocurrency mixer that allows users to obscure the source of their funds. Tornado Cash was recently sanctioned by the United States Treasury Department's Office of Foreign Assets Control (OFAC), as we reported last week. The arrest comes amid a pushback from the cryptocurrency community against the alleged impracticality of the new US sanctions. 

 

Separately, the US government revealed the identity of a suspected key member of the Conti ransomware group known as Target. The Department of Justice has offered a reward of USD 10 million for more information. 

 

SO WHAT?

Law enforcement agencies around the world continue their fight to identify cyber criminals and hold them accountable, but face ongoing challenges with attribution and slow moving regulatory frameworks. Organisations must also keep on top of wider cyber-related issues that could impact their business, such as sanctions.  

 

 

4. PHISHING CAMPAIGNS ONGOING 

Microsoft has warned of ongoing phishing attacks by Seaborgium, a Russia-linked threat actor. The primary motivation appears to be related to Russia’s ongoing information warfare campaign. Attacks have targeted defence and intelligence consultancies, universities, think tanks, and NGOs in the US, the UK, and other NATO allies. 

Separately, researchers found that hybrid vishing attacks increased by over 600 percent from Q1 to Q2. These attacks combine email and voice social engineering calls aimed at stealing their target’s account credentials.  

 

SO WHAT?

Threat actors continuously leverage and improve social engineering techniques to get around established security controls. Organisations should invest in phishing awareness training for their employees and carry out regular phishing simulation campaigns. 

 

 

5. AT&T DENIES RESPONSIBILITY FOR DATA BREACH 

Last week, security researchers identified a 3.6GB data leak on the dark web containing information from over 23 million Americans, including contact details, dates of birth, and social security numbers. They claim the data has come from AT&T, the largest telecoms company in the world. However, AT&T denies that it is the source, and instead claims that it is from an unspecified credit agency. The same data leak has reportedly resurfaced several times over the years. 

 

SO WHAT?

Once released on the dark web, sensitive information can reappear unexpectedly. When a substantial amount of data is leaked, repackaged, and resold, identifying the initial source can be difficult. 

 

 

6. STARLINK HACKED 

Security researchers at this year’s Black Hat USA convention in Las Vegas showcased how they compromised Starlink, a low orbit satellite programme developed by SpaceX that provides internet coverage around the world. The hackers used a homemade circuit board that cost around USD 25 to develop. The bug was disclosed to SpaceX’s bug programme before being presented.  

 

SO WHAT?

Satellites are crucial for modern communication, and are a key target for cyber criminals and rogue nation states alike. 

Cyber Intelligence Briefing

To discuss this article or other industry developments, please reach out to one of our experts.

James Tytler
James tytler Senior Analyst, Cyber Security Email James
Roddy Priestley
Roddy priestley Director, Cyber Security Email Roddy

CYBER SECURITY INSIGHTS REPORT 2022

We reveal the challenges faced by C-suite professionals and senior IT leaders across three key areas of cyber security – budgets, incidents and insurance.

Download Report