
Cyber Intelligence Briefing: 4 August 2023

Miles Arkwright, James Tytler 4 August 2023

CYBER SECURITY INSIGHTS REPORT 2022

We reveal the challenges faced by C-suite professionals and senior IT leaders across three key areas of cyber security – budgets, incidents and insurance.


The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.

Top news stories this week

  1. Got you covered. Research suggests cyber insurance does not incentivise victims to pay ransoms.
  2. Go phish. Recent phishing campaigns target Microsoft Teams.
  3. Friend or foe? Iran-linked cloud services provider accused of hosting infrastructure for state-backed threat groups. 
  4. Parasite. Hackers exploit Ivanti zero-day vulnerability to compromise Norwegian government. 
  5. Up for grabs. University of West of Scotland data leaked post-ransomware attack. 
  6. Knocked out. DDoS attack blocks access to Israeli oil refiner BAZAN Group’s website. 

1. RESEARCH FINDS CYBER INSURANCE DOES NOT INCREASE RANSOM PAYMENTS  

Research from the UK’s Royal United Services Institute suggests that having cyber insurance does not significantly increase the likelihood of ransom payment by victims. The paper proposes that insurance firms play an important role in reducing cyber incidents by mandating cyber security best practices for coverage. 

 

      

SO WHAT?

Cyber insurance premiums have increased dramatically in recent years. To qualify for comprehensive coverage, it is important to ensure your business has made efforts to reduce its attack surface. For advice on improving your organisation’s security posture ahead of an insurance application or renewal, reach out to one of our experts. 

 

 

2. RUSSIAN PHISHING CAMPAIGNS LEVERAGE MICROSOFT TEAMS  

A Russian hacking group tracked as APT29 has been attacking multiple global organisations, including government agencies, through a Microsoft Teams phishing campaign. The group creates fake Teams accounts disguised as technical support and adopts social engineering tactics to trick users into granting MFA approval. 

 

                                           

SO WHAT? 

Phishing campaigns are not limited to email-based attacks. Organisations should implement regular training to help employees effectively recognise and report phishing attempts across multiple platforms.

 

 

3. CLOUDZY ACCUSED OF HOSTING INFRASTRUCTURE FOR NATION STATE GROUPS 

A US-incorporated cloud services company called Cloudzy is allegedly providing server space to nation-state actors and ransomware operators, allowing them to carry out their illicit activities. The Iranian-linked company accepts cryptocurrency as payment, further facilitating anonymity.

 

                                           

 SO WHAT?

Rogue internet service and cloud providers play a significant role in facilitating cyber crime. They are often linked to jurisdictions outside the reach of Western law enforcement.

 

 

4. HACKERS EXPLOIT ZERO-DAY TO TARGET NORWEGIAN GOVERNMENT ENTITIES 

US and Norwegian cyber security agencies have issued a warning about a zero-day vulnerability in Ivanti’s mobile endpoint management solution. Hackers began exploiting the vulnerability in April 2023, using it to gain unauthorised access to multiple Norwegian government agencies’ networks.

 

    

 SO WHAT?

Organisations should immediately apply the patches released by Ivanti to safeguard against the zero-day vulnerability.

 

 

5. SCOTTISH UNIVERSITY’S DATA ADVERTISED BY CYBER CRIMINAL GROUP 

The Rhysida ransomware group has claimed responsibility for a cyber attack on the University of West of Scotland and has put the school’s data up for sale on its dark web leak site. The data includes sensitive information such as employee bank details and national insurance numbers.

 

    

SO WHAT?

Cyber incidents can lead to the exposure of datasets containing personally identifiable information. Credit monitoring services can help affected data subjects monitor for potentially fraudulent activity.

 

 

6. ISRAEL’S LARGEST OIL REFINERY SUFFERS DDOS ATTACK 

Israel’s largest oil refinery operator, BAZAN Group, has suffered a Distributed Denial of Service (DDoS) attack, rendering its website inaccessible. BAZAN Group has since implemented geo-blocking measures to restrict external traffic access to its website. An Iranian hacktivist group has claimed responsibility and posted alleged screenshots of internal systems, which BAZAN Group dismissed as misinformation.

 

    

 SO WHAT?

DDoS attacks cause major business disruption for organisations with critical services that rely on constant availability. Companies may consider implementing geo-blocking as a temporary solution when experiencing a DDoS attack.

 

 

S-RM is proud to have been voted Cyber Incident Response Team of the Year at Zywave’s 2023 Cyber Risk Awards.

 

 


To discuss this article or other industry developments, please reach out to one of our experts.

Miles Arkwright, Associate, Cyber Security
James Tytler, Associate, Cyber Security
