
Cyber Intelligence Briefing: 24 June 2022

Kyle Schwaeble, Roddy Priestley 24 June 2022


The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.


TOP NEWS STORIES THIS WEEK

  1. Special delivery. Yodel experiences severe operational disruption following cyber attack.
  2. Data breaches. Shoprite and Flagstar Bank suffer data breaches.
  3. Cyber espionage. The Strava application is exploited and Hermit spyware is deployed against Kazakhstani targets.
  4. Go phish. A sophisticated new phishing campaign appears.
  5. Android malware levelling up. The BRATA malware evolves.
  6. Europol on the hunt. A coordinated law enforcement operation leads to several arrests.

1. SPECIAL DELIVERY

A cyber attack against UK courier giant Yodel, which delivers over 190 million parcels annually, has resulted in delays to parcel distribution and the temporary shutdown of the company’s online order tracking service. Some individuals claim they have received no information on expected packages for over four days.

Yodel has not confirmed the type of attack, but given the extent of operational disruption, it likely involved ransomware. The company is currently investigating whether any customer data has been exposed.

 

SO WHAT?

Cyber attacks can cause severe operational disruption, especially when ransomware is involved. In addition to implementing various security controls to defend against this threat, organisations should ensure they have up-to-date incident response and business continuity plans in place to mitigate operational disruptions in the event of a cyber incident.

 

 

2. DATA BREACHES AT SHOPRITE AND FLAGSTAR BANK

  • The US-based Flagstar Bank disclosed a data breach affecting 1.5 million customers that resulted from a cyber attack in December 2021. Stolen data includes names and social security numbers, which may be used by threat actors to commit identity fraud or launch more sophisticated social engineering attacks.

  • New extortion group RansomHouse claimed responsibility for an attack against Africa’s largest supermarket chain, Shoprite. The threat actor claims to have exfiltrated over 600GB of data during the attack, and is threatening to sell or publish it if a ransom is not paid. Reports suggest that the attack was limited to data exfiltration and that no ransomware was involved.

 

SO WHAT?

Organisations must understand their legal and regulatory obligations regarding data protection, including those relating to notifications in the event of a data breach. How an organisation responds to a data breach, which can be rehearsed and included in an incident response plan, can have a direct impact on the reputational, legal, and regulatory costs a data breach can attract.

 

 

3. CYBER ESPIONAGE  

  • Fitness tracking app Strava has been exploited to spy on certain members of the Israeli military. By uploading fake running “segments” inside military bases, unidentified operatives were able to track the exercise activity of some Israeli military personnel. The exploit even revealed information for users with the strictest privacy settings enabled.

  • Separately, a Kazakhstani government entity deployed the sophisticated purpose-built Hermit spyware against domestic targets. Not only can Hermit covertly collect data from an infected device, it can also make calls from the device.

 

SO WHAT?

Ensure that you review the privacy settings for your various accounts and applications. It is also prudent to regularly conduct anti-malware scans of your devices.

 

 

4. A NEW SOPHISTICATED PHISHING CAMPAIGN

A new phishing campaign convincing victims to listen to an attached voicemail has been targeting a range of US organisations. The campaign’s approach is standard: socially engineer targets into clicking a link in an email which redirects to a page requesting Microsoft 365 credentials.

The sender’s address is spoofed to appear to come internally from the victim’s organisation. The phishing link contained in the email also first redirects the target to a CAPTCHA stage, which increases the appearance of legitimacy and allows the email to bypass certain anti-phishing controls.

 

SO WHAT?

Phishing attacks can employ sophisticated techniques to imitate trusted parties. To deal with this threat, organisations must employ a combination of technical email filtering controls and employee phishing awareness training.

 

 

5. A NEW VARIANT OF BRATA MALWARE APPEARS

A variant of the infamous BRATA Android malware has been deployed in a series of fake banking apps. The new malware is particularly potent, with the ability to bypass certain SMS-based multi-factor authentication. The operators of BRATA are currently targeting financial institutions in Europe, and focus on one specific organisation at a time, moving on when their current target institution employs countermeasures.

 

SO WHAT?

Mobile users should take care to only install applications from approved app stores, and should exercise extreme caution when entering banking credentials on mobile applications.

 

 

6. AUTHORITIES MOVE AGAINST CYBER CRIMINALS

An international law enforcement operation led by Europol, and involving the Belgian and Dutch police, has dismantled a phishing gang responsible for stealing millions of euros. 24 properties in the Netherlands were searched and nine individuals were arrested.

The law enforcement win follows another recent Europol-led international operation, which involved 11 countries and took down the infrastructure associated with the FluBot Android spyware.

 

SO WHAT?

While global law enforcement have had success, particularly in the last two years, in identifying and arresting cyber criminals, new groups are constantly emerging. Individuals and organisations need to put measures in place to reduce their own risk.

 

 
