The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.
top NEWS stories this week
-
Optus under fire. Australian telecoms company faces government and public ire after data leak.
-
LockBit leak. Developer leaks LockBit’s newest ransomware builder, lowering the barrier to entry for would-be attackers.
-
Shields up. Ukraine warns of Russian cyber attacks against critical infrastructure, while META tackles Russian disinformation campaign.
-
Public figures’ data leaked. Ransomware attacks on luxury food company Daylesford Organic and TAP Air Portugal lead to the data of celebrities and politicians being leaked.
-
Freezing and seizing ransomware payments. New UK bill takes aim at misuse of cryptocurrency.
-
You’re nicked! Police arrest 17-year-old hacker believed to be behind GTA 6 and Uber breaches.
1. OPTUS CYBER ATTACK FALLOUT
Amid rising public anger, the Australian government has come down hard on telecommunications company Optus after the personal data of 10,000 customers were leaked on the dark web. Cyber security minister Clare O’Neil refuted Optus’ claims that it was the victim of a sophisticated hack, and the Australian Prime Minister has insisted that the company pay for new passports for data leak victims.
Confusingly, several hours after the leak, the threat actor apologised and deleted the data. However, victims have already received threatening text messages from scammers demanding payment.
SO WHAT? Threat actor behaviour can be highly unpredictable. Companies should carefully consider their engagement and communication strategies in the event of a breach to manage the public’s reaction and minimise reputational damage. |
2. LOCKBIT 3.0 RANSOMWARE BUILDER LEAKED
Last week, a disgruntled developer formerly employed by the ransomware gang LockBit leaked the group's latest ransomware builder on Twitter. The leaked builder – which includes an encryptor, decryptor, and various other specialised tools – contains everything necessary to launch a sophisticated and targeted ransomware attack.
One ransomware gang has already started to use the leaked LockBit builder to launch attacks against vulnerable companies.
SO WHAT? All organisations, large and small, should be prepared for a ransomware attack. Adopt a defence-in-depth approach by implementing multiple security controls, including a strong patch management programme, multi-factor authentication (MFA), and an endpoint detection and response solution. Critically, ensure you have viable backups stored offline to facilitate a quick recovery if you do suffer a ransomware attack. |
3. UKRAINE WARNS ALLIES OF RUSSIAN CYBER ATTACKS
According to Ukrainian military intelligence, the Russian government is planning a large-scale cyber operation aimed at critical infrastructure including the energy sector. Ukraine's allies, primarily Poland and the Baltic States, will likely face intensified distributed denial of service (DDoS) attacks.
Elsewhere, Meta took down a network of Facebook and Instagram accounts associated with a Russian disinformation campaign targeting Europe.
SO WHAT? Western governments and cyber security experts have long warned that Russian state-sponsored cyber attacks against Ukraine could spill over. Although the evidence of such impacts so far has been limited, organisations must remain vigilant to such threats.
|
4. PUBLIC FIGURES’ DATA LEAKED
A ransomware attack on Oxfordshire-based luxury organic farm shop Daylesford Organic has led to the personal data of several high profile UK celebrities, including Jeremy Clarkson and Sir David Attenborough, being leaked on the dark web. Meanwhile, the personal information of Portuguese president Marcelo Rebelo de Sousa and other Portuguese politicians was leaked following last month’s attack on Portuguese airline TAP Air Portugal.
SO WHAT? High profile individuals can fall victim to data leaks, potentially leading to additional security risks. Anyone who is listed in a data breach should be wary of unsolicited communications and avoid sharing any sensitive information.
|
5. FREEZING AND SEIZING RANSOMWARE PAYMENTS
New legislation introduced to the House of Commons last Thursday, named the Economic Crime and Corporate Transparency Bill, aims to stem the rise in cryptocurrency use by cybercriminals. The bill will provide UK law enforcement agencies with a legislative framework to quickly and easily “seize, freeze, and recover” cryptocurrency associated with ransomware attacks or other illicit activity such as fraud and money laundering.
SO WHAT? Law enforcement agencies around the world have had occasional success in seizing and returning ransomware payments, but organisations should continue to assume that any such payment cannot be recovered.
|
6. TEENAGE GTA 6 HACKER ARRESTED IN OXFORDSHIRE
City of London Police have arrested a 17-year-old suspected of orchestrating last week’s high-profile attacks on Rockstar Games and Uber, which were attributed to the hacking group Lapsus$. The unnamed teenager had prior hacking convictions, and plead not guilty to charges of computer misuse in court on Monday. The arrest came following collaboration with the FBI.
SO WHAT? Organisations should be prepared to handle complex public relations challenges following a cyber incident. Table top exercises and practical run throughs can be invaluable in stress testing incident response plans.
|