The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.
TOP NEWS STORIES THIS WEEK
- Microsoft denounces commercial cyber weapons. Austrian company blamed for Subzero spyware.
- Nothing is certain but leaks and taxes. LockBit claims to have hacked Italian Tax Agency.
- T-Mobile pays up. US-based mobile carrier agrees to USD 500 million class-action settlement.
- Cyber security company hacked. Security vendor Entrust confirms network breach and stolen data.
- Messaging platforms under attack. Discord and Telegram used for credential harvesting.
- Data bonanza on BreachForums. Emails and phone numbers of 5.4 million Twitter users for sale.
1. MICROSOFT FIGHTS BACK AGAINST ‘PRIVATE SECTOR CYBERWEAPONS’
Coinciding with testimony to the US House Intelligence Committee on the dangers of ‘commercialised cyberweapons’, Microsoft has disclosed research linking an Austrian firm called DSIRF, codenamed Knotweed, to the development and sale of surveillance software called Subzero. DSIRF’s customers have used the spyware to target banks, law firms, and strategic consultancies in the UK, Austria, and Panama.
SO WHAT? Unscrupulous private companies use spyware for corporate espionage, and repressive regimes use it to target human rights advocates and political opponents. Microsoft has patched the vulnerabilities exploited by Subzero, but there is a thriving underground market for new tools like it.
2. LOCKBIT CLAIMS ATTACK ON ITALIAN TAX AGENCY
In perhaps its most brazen attack to date, LockBit 3.0 has listed L’Agenzia delle Entrate, the Italian tax agency, on its dedicated leak site. The group claims to have stolen 78 GB of sensitive data, including company documents, scans, financial reports, and contracts, and has threatened to leak the data if a ransom is not paid.
Italian authorities downplayed the reports, but an investigation is still ongoing.
3. T-MOBILE AGREES TO SETTLEMENT IN CLASS-ACTION LAWSUIT OVER DATA BREACH
The US-based mobile carrier agreed to pay USD 500 million to settle a class-action lawsuit filed in the wake of a massive cyber attack that took place last August. The attack led to the potential exposure of sensitive personal information belonging to over 76 million people.
SO WHAT? The financial impact of a cyber attack doesn’t stop with remediation and containment. Companies that fail to put in adequate cyber security protections run the risk of being hit with large regulatory fines or expensive legal action further down the line if they suffer a breach.
4. ENTRUST CONFIRMS CYBER ATTACK ON INTERNAL SYSTEMS
The Minneapolis-based digital security firm Entrust, which is focused on online trust and identity management, has confirmed that attackers breached its network and stole data from its internal systems. Entrust, whose clients include various US government agencies and large healthcare and financial services organisations, has denied that the attack had any impact on its products and services.
SO WHAT? Organisations must carry out due diligence when engaging digital security vendors, and ensure that they employ cyber security best practices like reviewing third-party access regularly.
5. MESSAGING PLATFORMS UNDER ATTACK
Security researchers have observed cyber criminals exploiting functionality on the popular messaging platforms Discord and Telegram to spread malware and steal information such as passwords, credit card details, VPN credentials, and one-time passwords.
SO WHAT? While Telegram and Discord are not often used for business operations, organisations should make sure they are aware of shadow IT in use on corporate devices. One compromised app on an employee’s phone could be the first step in a more targeted attack.
6. TWITTER USERS’ DATA LEAKED ON PROMINENT HACKER FORUM
The phone numbers and email addresses of an alleged 5.4 million Twitter users have been listed for sale on the popular hacking forum BreachForums. Independent security researchers verified a sample of the stolen data, which is reported to be global in nature and to include information about celebrities and organisations.
Separately, BreachForums has deleted the listing of 1 billion Chinese residents’ data allegedly exfiltrated from the Shanghai Police department earlier this month.
SO WHAT? Data leaks are a common source of unwanted phone calls and spam emails for affected data subjects, and can be used to commit identity theft and other forms of fraud. Organisations that have experienced cyber incidents should monitor deep and dark web forums for evidence of their data being sold.