The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.
TOP NEWS STORIES THIS WEEK
- Uber and Rockstar Games hacked. Lapsus$ group claims responsibility for both breaches.
- Revolut and American Airlines phished. Sensitive customer data stolen in both incidents.
- Wave of hacktivism. Hacktivists target Iranian state-affiliated websites.
- LockBit pays bug bounty. The ransomware group allegedly paid a USD 50,000 bug bounty reward.
- Biden’s cyber security grant. The USD 1 billion funding aims to prevent cyber attacks against state, local, and territorial governments in the US.
- Buzzing. Hive ransomware gang claims responsibility for multiple cyber attacks.
1. UBER AND ROCKSTAR GAMES HACKED
Lapsus$ group, an international cybercriminal organisation, has claimed responsibility for the high-profile attacks on Uber and Rockstar Games. Uber has reported that the group accessed its internal network after acquiring a contractor’s credentials via a phishing attack. No sensitive user information has reportedly been stolen.
The method of entry into the network of Rockstar Games is unclear; however, Lapsus$ exfiltrated invaluable source code and unreleased footage of their gaming series Grand Theft Auto. The group has threatened to leak further material if their demands are not met.
2. DATA BREACHES AT REVOLUT AND AMERICAN AIRLINES
The digital bank Revolut suffered a data breach that exposed the personal details of over 50,000 customers. The stolen data includes customers’ names, addresses, email addresses, phone numbers, and card payment data. Attackers reportedly used social engineering to access Revolut's network.
Separately, American Airlines disclosed a data breach following a phishing attack in July. Attackers accessed sensitive customer and employee data contained in employee email accounts.
SO WHAT? Threat actors will likely leverage exposed personal information to commit fraud and tailor further phishing campaigns. Impacted individuals must remain vigilant for any suspicious activity, including emails, messages, and phone calls that request personal details or passwords.
3. WAVE OF HACKTIVISM
Following the death of an Iranian woman in police custody, the hacktivist group Anonymous launched a cyber operation against state-affiliated websites. As a result, the Iranian Central Bank’s website and the official government news portal went offline.
SO WHAT? Hacktivists look to cause harm as retribution for actions that don’t align with their social or political views. Organisations must recognise how their perceived political stance increases their attractiveness as a target.
4. LOCKBIT PAYS BUG BOUNTY
LockBit, the Russia-linked cybercriminal group, has allegedly paid USD 50,000 for a reported error in their malware code. The bug enabled the decryption of certain file types that have been encrypted by their ransomware.
SO WHAT? This is the first reported payment under LockBit’s new bug bounty scheme since its inception earlier this summer. With ransomware groups under continued scrutiny from security researchers and law enforcement, other established threat groups may set up similar schemes to improve their exploit code and maximise profits.
5. BIDEN’S USD 1 BILLION CYBER SECURITY GRANT PROGRAMME
The Biden administration has launched a USD 1 billion grant programme to improve the cyber security posture of state, local and territorial (SLT) governments. The grant programme will be administered jointly by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Emergency Management Agency (FEMA).
SO WHAT? Government cyber security budgets at the SLT level remain chronically underfunded, which has led to a series of notable cyber attacks on schools, councils, and hospitals. This expansive grant programme aims to fix that.
6. HIVE ATTACKS
The New York Racing Association (NYRA) continues to recover from a cyber attack that the Hive ransomware group executed in June. The attack impacted the NYRA’s IT operations, with their website only recently coming back online. It is suspected that Hive exfiltrated social security numbers, health records, and driver’s licence numbers.
Additionally, Hive has claimed responsibility for August’s attack on Bell Technical Solutions (BTS). Similarly, the group accessed sensitive information including names, addresses, and phone numbers of residential and small business customers in certain provinces.
SO WHAT? The impact of ransomware attacks can last for months, especially if organisations haven’t got sufficient recovery processes in place. Documenting and regularly testing incident response and disaster recovery plans is a good start for identifying whether your organisation is prepared to deal with the initial stages of a ransomware attack.