header image
intelligence

Cyber Intelligence Briefing: 3 February 2023
Kyle Schwaeble, Jon Seland 3 February 2023
3 February 2023    Kyle Schwaeble, Jon Seland

CYBER SECURITY INSIGHTS REPORT 2022

We reveal the challenges faced by C-suite professionals and senior IT leaders across three key areas of cyber security – budgets, incidents and insurance.

Download Report

The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.

top NEWS stories this week

  1. Taking stock. LockBit 3.0 attacks UK-based trading software provider.
  2. Class dismissed. Ransomware attack shuts down US public schools.
  3. Certified con. Hackers steal GitHub certificates.
  4. Serious operation. Killnet claims responsibility for DDoS attacks on US hospitals.
  5. Trust no one. Threat actors exploit Microsoft’s verified publisher badge.
  6. Keyless entry. Password manager KeePass receives warning for vulnerability.

1. TAKING STOCK 

UK financial data firm ION Group suffered a ransomware attack that impacted its derivatives section. The group that provides software used for trading and market analytics has forced UK- and US-based clients to trade derivatives manually. The prolific ransomware group LockBit 3.0 claimed responsibility for the attack and has listed ION on their leak site, threatening to leak stolen data unless a ransom is paid. ION disclosed that 42 of their clients have been affected.

 

     

 SO WHAT?

Network segmentation and strong backup practices can significantly reduce the impact of a ransomware attack.     

 

 

2. RANSOMWARE ATTACK ON US PUBLIC SCHOOLS

A ransomware attack on Nantucket Public Schools forced four public schools in Massachusetts to close on Tuesday. The cyber attack shut down the devices of all staff and students, as well as safety and security systems. No group has claimed responsibility for the attack and it is uncertain when the schools’ operations will resume.

 

     

 SO WHAT?

Schools generally have limited cyber security budgets that make them attractive targets for cyber attacks. However, basic security controls that require little investment, such as strong password policies, multi-factor authentication (MFA), and cyber awareness training, can go a long way towards reducing the likelihood of a cyber incident.   

 

 

3. HACKERS STEAL GITHUB CERTIFICATES  

GitHub has confirmed that unknown threat actors stole encrypted code-signing certificates for its Desktop and Atom applications. Once decrypted, the certificates could be used to sign unofficial applications that will appear to be created by GitHub. GitHub is expected to revoke the stolen certificates soon, rendering applications signed with those certificates invalid.

 

     

 SO WHAT?

Verify that newly integrated software and applications with GitHub certificates are not signed with the stolen certificates.  

 

 

4. DDOS ATTACKS ON US HOSPITALS  

The Russia-linked threat group Killnet has claimed responsibility for distributed denial of service (DDoS) attacks on eight hospitals across the United States. The University of Michigan Hospital and Stanford Health Care are amongst those that have reportedly had their operations impacted. The attacks are ongoing.

  

    

 SO WHAT?

DDoS attacks are often overshadowed by ransomware attacks as a significant threat to business operations. Simple content delivery and perimeter protection measures exist to mitigate the risk of DDoS attacks. 

 

 

Cyber Security Insights Report

 

5. MICROSOFT’S VERIFIED PUBLISHER BADGE EXPLOITED

Microsoft has taken steps to disable fraudulent Microsoft Partner Network accounts. Threat actors used the fake accounts to create malicious OAuth applications. A phishing campaign was designed to trick users into granting permissions to these malicious OAuth applications and ultimately compromise Microsoft 365 estates.

 

    

 SO WHAT?

The ability to grant permissions to applications in Cloud environments should be restricted to a subset of authorised users. Conduct regular audits of applications and their respective permissions.

 

 

6. KEEPASS VULNERABILITY

The Federal Cyber Emergency Team of Belgium has issued a warning regarding a vulnerability in the local password management utility KeePass. The warning states that threat actors with write access to the KeePass' configuration file may maliciously configure it to export the passwords in cleartext. KeePass has refuted the claim.

 

    

 SO WHAT?

MFA is a critical security control to prevent unauthorised access but should also be supplemented with robust privileged access management policies and procedures.

 

Cyber Intelligence Briefing

To discuss this article or other industry developments, please reach out to one of our experts.

Kyle Schwaeble
Kyle schwaeble Senior Associate, Cyber Security Email Kyle
Jon Seland
Jon seland Senior Analyst, Cyber Security Email Jon

CYBER SECURITY INSIGHTS REPORT 2022

We reveal the challenges faced by C-suite professionals and senior IT leaders across three key areas of cyber security – budgets, incidents and insurance.

Download Report