The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.
top NEWS stories this week
-
Guilty as charged. Uber's former security chief convicted for covering up 2016 data breach.
-
Moody’s warning. USD 22 trillion of rated debt has high exposure to cyber risk.
-
Data breaches down under. Telstra and G4S hit as Australian government tightens up legislation.
-
Insider threat. IT administrator sabotages former employer using his old credentials.
-
Microsoft Exchange zero days. New vulnerabilities being actively exploited in the wild.
-
Trouble in paradise. Luxury hotel group Shangri-La reports major data breach.
-
Phishing convictions. Hackers in Germany and the US found guilty of multi-million dollar schemes.
1. FORMER UBER CHIEF SECURITY OFFICER CONVICTED OF DATA BREACH COVER-UP
A jury in San Francisco has found Uber’s former chief security officer Joe Sullivan guilty of concealing a data breach from authorities and obstructing a federal investigation. In 2016, Sullivan used the company’s bug bounty programme to pay off hackers and had them sign a non-disclosure agreement following a breach affecting the personal data of over 57 million customers and drivers.
This is reportedly the first criminal prosecution of a company executive over the handling of a third-party hack and is expected to set a precedent for future cases in the US.
SO WHAT? Failure to report a breach to the authorities in a timely manner can result in significant legal consequences. Stakeholders should consider their personal legal obligations in the event of a security incident.
|
2. MOODY’S WARNS DEBT CYBER RISK RISING
Credit ratings agency Moody’s reported that 28% of its rated debt, worth USD 22 trillion, has a high or very high exposure to the risk of cyber attack. The figure is USD 1 trillion more than the last assessment in 2019. Critical infrastructure including hospitals and water companies, which have been the target of recent attacks, are most at risk.
SO WHAT? All major credit ratings agencies now consider cyber risk when making assessments. Just as it has become increasingly difficult to obtain cyber insurance, it will likely become more difficult to attract additional capital or finance without the proper investment into a robust cyber security programme.
|
3. DATA BREACHES DOWN UNDER
Following last week’s Optus hack, two more large Australian businesses have fallen victim to cyber attacks:
- The personal information of Australian employees of security firm G4S – including tax file numbers, bank account information, and medical checks – was posted online after a ransomware attack.
- The personal data of over 30,000 employees of Australian telecoms company Telstra were leaked following an attack on a supply chain partner.
SO WHAT? The Australian government has announced major changes to data privacy rules following the Optus attack. Organisations should ensure they stay abreast of new cyber-related legislation to avoid falling foul of regulators.
|
4. INSIDER THREAT
An IT systems administrator in Hawaii pled guilty to deliberately sabotaging the operations of his former employer in the hope that he would be hired back and offered a pay rise. He was able to misdirect the company’s web and email traffic to external computers using his old credentials.
SO WHAT? Businesses should ensure that former employees’ access to their systems is immediately revoked. A recent survey of 500 organisations found that 20% have experienced data breaches by former employees.
|
5. MICROSOFT EXCHANGE ZERO DAYS
Security researchers have discovered new critical vulnerabilities in its Microsoft Exchange Servers. Dubbed ProxyNotShell, in reference to last year’s prolific ProxyShell vulnerability, the exploit allows threat actors to gain remote access to a victim's network and potentially deploy malware. It is already being actively exploited by threat actors, and over 220,000 servers are at risk.
SO WHAT? Organisations should check their exposure, follow Microsoft’s mitigation guidance, and patch their on-premise servers to the latest available update.
|
6. SHANGRI-LA SUFFERS DATA BREACH
Luxury hotel chain Shangri-La Group suffered a data breach between May and July this year which impacted eight hotels in Asia. Attackers obtained access to databases containing sensitive customer information, including email and postal addresses, phone numbers, and reservation dates. Shangri-La has provided credit monitoring services to victims.
SO WHAT? Organisations should have a robust incident response plan in place ahead of time so they can take appropriate and timely measures to minimise the damage caused by a data breach. The plan should define the main stakeholder roles and establish communication and escalation processes.
|
7. PHISHING CONVICTIONS
This week, German police raided the homes of three hackers suspected of orchestrating an EUR 4 million phishing scam. The emails impersonated messages from victims’ banks and were described as highly believable by federal police. Separately, in the US a 46-year-old man was sentenced to 25 years in prison for laundering the USD 9.5 million proceeds from various business email compromise and romance scams.
SO WHAT? Whilst law enforcement agencies around the world are clamping down on cyber criminals, individuals should ensure they know how to spot common phishing and social engineering techniques. Organisations should conduct regular internal phishing tests to assess staff awareness.
|