The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.
TOP NEWS STORIES THIS WEEK
- LastPass’ security bypassed. World’s largest password manager hacked.
- Caught in 0ktapus’ tentacles. Group behind SMS-based 2FA spoofing attacks has targeted over 130 companies including Signal, Authy, and DoorDash.
- New telecom regulations. UK confirms new rules to protect telecom networks against cyber attacks.
- Another name in the book. US library supplier hit with ransomware.
- Phishing on the South China Sea. Chinese state-linked campaign targets Australian government agencies.
- Data breaches. Two major data breaches took place this week, affecting millions of users.
1. LASTPASS’ SECURITY BYPASSED
The global password manager LastPass had its development server compromised, reportedly granting threat actors access to the tool’s source code.
LastPass has stated that incident responders have contained the breach and that no customer data, including access keys, were leaked.
SO WHAT? Password managers are solid solutions to improve overall password hygiene but should be complemented by other security controls, including multi-factor authentication (MFA), access control policies, and broader cyber security awareness training.
2. FALLOUT FROM SMS SPOOFING ATTACK ON TWILIO CONTINUES
The threat actor behind last month’s MFA spoofing attack on US-based telecommunications company Twilio has compromised almost 10,000 accounts at over 130 companies since March 2022, according to security researchers.
The group, dubbed 0ktapus, leveraged its access to Twilio’s internal systems to intercept one-time passwords (OTPs) for employees and customers of companies that use Twilio for SMS-based MFA. So far, the IT identity and access management company Okta, food delivery company DoorDash, Twilio’s MFA app Authy, and the secure communications firm Signal have all disclosed that they have been impacted.
SO WHAT? There are many forms of MFA available, each with associated advantages and disadvantages. OTPs sent over SMS are vulnerable to various forms of attack. Organisations should ensure they have an MFA solution suited to their needs, but app-based MFA is generally more secure.
3. NEW TELECOM REGULATIONS
The new regulations set to come into force in October 2022 will require UK telecom companies to meet appropriate cyber security standards to secure network equipment and data. Organisations that fail to meet the standards imposed may be fined up to 10 percent of their annual turnover.
SO WHAT? Organisations should evaluate whether the new laws apply to them and if so, ensure they are meeting the relevant standards.
4. US LIBRARY SUPPLIER HIT WITH RANSOMWARE
Baker & Taylor, the world’s largest distributor of books to libraries, suffered a ransomware attack last week. The incident caused a server outage that is continuing to impact the company’s phone systems, offices, and service centres. The attack is yet to be attributed to a specific threat actor.
SO WHAT? Ransomware attacks can result in disruption to business-critical systems. Organisations should prepare for these events and have comprehensive incident response and business continuity plans in place.
5. CHINESE CYBER ESPIONAGE AND PHISHING CAMPAIGN UNCOVERED
Between April and June 2022, a China-based threat group known as APT40 conducted an extensive cyber espionage campaign against a range of targets, including Australian government agencies and commercial organisations with a presence in the South China Sea. The group leveraged phishing emails impersonating an employee of a fictional Australian news website to gain entry to victims’ networks.
SO WHAT? Unsolicited emails from unknown sources should always be treated as suspicious. Phishing remains one of the most common methods of entry for threat actors, including both state-linked groups and financially motivated cybercriminals.
6. DATA BREACHES
This week, there were two major data breaches affecting millions of users.
- A 2021 database stolen from the popular Russian media streaming platform START (start.ru) was leaked. This database contained email addresses, phone numbers, and usernames of more than 7.5 million START customers. Russian news outlet ‘Medusa’ has tested the leaked data and confirmed that the usernames and passwords are valid START credentials.
- Data for over 2.5 million individuals with student loans from Oklahoma Student Loan Authority (OSLA) and EdFinancial were exposed after hackers breached the systems of technology services provider Nelnet Servicing. Personally Identifiable Information (PII), including social security numbers, has been exposed. Both EdFinancial and OSLA have offered impacted individuals free access to a 24-month identity theft protection service.
SO WHAT? Data breaches can lead to a range of subsequent cyber incidents. Employees should be trained to identify potential phishing emails and have a clear process to report them internally.