
Cyber Intelligence Briefing: 26 August 2022

Miles Arkwright, James Tytler 26 August 2022


The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.


TOP NEWS STORIES THIS WEEK

  1. Apple’s zero-day vulnerabilities. Two Apple zero-day vulnerabilities require your attention.
  2. LockBit bitten. Ransomware group’s data leak sites taken offline in alleged retaliatory DDoS attack.
  3. New cyber insurance coverage cuts. Lloyd’s of London set to exclude nation-state cyber attacks from insurance protections.
  4. Donut Leaks. Emergence of ransomware group raises questions about possession of victim data.
  5. Ransomware attack on French hospital. Disruption in operations forces hospital to refer patients elsewhere.
  6. Twitter whistleblower. Twitter’s former security chief reveals deficiencies in security measures.

1. APPLE’S ZERO-DAY VULNERABILITIES 

Last week, Apple disclosed that it had uncovered two zero-day vulnerabilities affecting its iOS, iPadOS, and macOS Monterey platforms. Both vulnerabilities, if exploited, could allow a remote attacker to execute arbitrary code on the device, effectively granting complete control of said device. Apple has released emergency security updates for both vulnerabilities.

 

SO WHAT?

This announcement by Apple is a pertinent reminder to update your devices regularly so as not to miss critical security patches.

 

 

2. LOCKBIT HIT BY ALLEGED RETALIATORY DDOS ATTACK  

Earlier this week, a distributed denial of service (DDoS) attack took the dark web leak sites of the prolific ransomware group LockBit offline. LockBit has blamed the attack on Entrust, a US-based cyber security company that LockBit targeted in June 2022. As of last week, LockBit has been leaking Entrust's data.

Entrust has declined to comment on LockBit’s allegations.

 

SO WHAT?

We may never know for sure who was behind the attack on LockBit, but it did successfully disrupt the group’s operations. If it was carried out by a victim, this would be an unprecedented development.

 

 

3. LLOYD’S TO END INSURANCE COVERAGE FOR NATION-STATE CYBER ATTACKS     

The global insurance market Lloyd’s of London will exclude state-backed cyber attacks linked to war or catastrophic damages from insurance coverage, starting in 2023. This comes amid concerns about the proliferation of nation-state cyber attacks and the rising costs associated with them.

  

SO WHAT?

The move by Lloyd’s is in response to the hardening cyber insurance market. Although an important tenet of cyber risk management, cyber insurance should not be treated as a replacement for important security controls.

 

 


 

4. DONUT LEAKS AND ROGUE RAAS AFFILIATES

Researchers have discovered what appears to be the emergence of a new ransomware group, dubbed Donut Leaks. The group recently claimed responsibility for an attack on the UK-based architectural firm Sheppard Robson. Interestingly, Donut Leaks’ extortion site includes extensive data on other recent attacks that were claimed by the threat groups Ragnar Locker and Hive. This suggests Donut Leaks likely participated in these attacks as an affiliate and has retained control over some of the data.

 

SO WHAT?

Given the rise of the ransomware-as-a-service (RaaS) model, paying a ransom to one threat group may not always protect against the threat of a data leak. Businesses should be aware that there could be undisclosed affiliate groups also participating in hacks.

 

 

5. RANSOMWARE ATTACK ON FRENCH HOSPITAL 

A ransomware attack has caused significant disruption to a French hospital, the Centre Hospitalier Sud Francilien. The attack has left the hospital’s business software, storage systems, and core parts of its information system inaccessible, forcing the establishment to refer patients to other medical centres.

Various sources believe that the group behind the attack is a LockBit affiliate, which would violate the RaaS operator’s rule not to encrypt the systems of healthcare providers.

 

SO WHAT?

RaaS is a constantly evolving business model, which makes it harder to predict the extent to which new affiliates will be allowed to violate the operator’s rules in return for higher profit.

 

 

6. TWITTER WHISTLEBLOWER

Twitter’s former security chief, Peiter Zatko, has revealed that the company lied about spam bots and safety. Zatko explained that the company deceived users, board members, and the federal government about the strength of the company’s security measures, leaving them vulnerable to being hacked. Twitter has denied the allegations.

The revelations will likely bolster Elon Musk’s attempt to extricate himself from his USD 44 billion agreement to purchase the company.

 

SO WHAT?

An absence of necessary critical security controls or an indication of poor security governance will likely have a negative impact on the sale of an organisation, and should be closely considered prior to entering a deal life cycle.

 

 


To discuss this article or other industry developments, please reach out to one of our experts.

Miles Arkwright, Senior Analyst, Cyber Security
James Tytler, Senior Analyst, Cyber Security
