The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends and indicators, curated by our intelligence specialists.
- Not the first time. Olympus and Banco Pichincha announce cyber incidents.
- Password spraying attacks. New Iran-linked threat group responsible for attacks against tech firms.
- Twitch suffers data breach. Source code and other intellectual property leaked.
- Sandwiches, spy games, and submarine secrets. Lessons to learn from insider threat.
- iOS exploit. iOS is affected by yet another zero-day allowing attackers to remotely execute code.
- Don’t fear, Patch Tuesday is here. Microsoft and Adobe release critical updates to install.
1. Olympus and Banco Pichincha experience further cyber incidents
- Japanese technology company Olympus has announced that it detected a potential cyber security incident affecting its IT systems in the US, Canada, and Latin America. The attack follows the September 2021 ransomware incident affecting Olympus' EMEA IT systems believed to be perpetrated by BlackMatter.
- Separately, Ecuador's largest private bank Banco Pichincha announced that it experienced a cyber-attack that resulted in widespread disruption. Banco Pichincha has not confirmed the nature of the attack, but reports indicate it is ransomware. This incident follows the February 2021 data breach after the cybercrime group Hotarus Corp gained access to a database controlled by one of Banco Pichincha’s suppliers.
SO WHAT? Following a cyber incident, organisations should review their existing cyber security controls and address areas of weakness to avoid similar incidents occurring again.
2. Active new threat group (Dev-0343) linked to Iran
Microsoft has attributed password spraying attacks against more than 250 Office 365 tenants to a new Iran-linked group tracked as Dev-0343. US and Israeli defence technology companies, Persian Gulf ports of entry and global maritime transportation companies have been targeted.
While less than 20 of Dev-0343’s attacks have been successful, Microsoft warns affected industries of the increased ongoing risk and released indicators of compromise.
SO WHAT? Consult Microsoft’s recommended defences if your organisation operates in Dev-0343’s targeted regions or industries. These include enabling multi-factor authentication, reviewing Active Sync clients, and using password-less solutions for authentication.
3. Data breach sends a Twitch down the spine
An anonymous user leaked 125GB of intellectual property and sensitive data belonging to the live streaming service Twitch on the 4chan messaging board. The leak has been labelled “part one”, implying that there may be more to come.
The anonymous user claimed their intention was to “foster more disruption and competition in the online video streaming space.” The leak includes, but is not limited to, details regarding Twitch creator pay-outs and Twitch’s internal security tools.
SO WHAT? At a minimum, organisations must take steps to ensure that their most valuable assets are protected by several layers of defence, including access controls, secure encryption algorithms, and ongoing monitoring of security logs to identify potential malicious behaviour.
4. US Nuclear Submarine Secrets Hidden in a Sandwich
A navy engineer and his wife attempted to pass submarine propulsion secrets via Proton Mail and memory cards hidden in sandwiches. For a year the not-so-stealthy couple sold sensitive information via encrypted email and dead drops, only to find out they had been duped by an undercover FBI agent.
The couple were paid upwards of USD 30,000 in cryptocurrency by the FBI, which the saboteurs believed was coming from a foreign government.
SO WHAT? Aspects of the insider threat have changed: encrypted email and cryptocurrency make online data drops significantly harder to trace. Other aspects haven’t: whilst checking employee lunches is perhaps a step too far for many companies, understanding the ‘human element’ of the insider threat remains as important as ever.
5. An Apple a day did not keep the zero-day away
iOS versions 14.7.1 to 15.0.1 are susceptible to a zero-day vulnerability that can allow for remote code execution on compromised devices. Security researchers have already published a proof-of-concept code for the vulnerability.
This vulnerability is being actively exploited within a month of iOS 15 being released. Data show 22% of zero-days this calendar year have affected Apple products.
SO WHAT? Organisations that utilise Apple products, including iPhones, should implement security measures such as anti-virus software, app controls, and user awareness programmes, just as they would with systems traditionally considered more vulnerable, such as Microsoft Windows. If you are currently running iOS versions 14.7.1 to 15.0.1, upgrade to iOS 15.0.2 immediately.
6. Don’t fear, Patch Tuesday is here
Microsoft has released patches for over 70 vulnerabilities, of which four address zero-day vulnerabilities. One of the patched zero-days (CVE-2021-40449) has been actively exploited in the wild by the China-based hacking group IronHusky. Attackers have used the exploit to elevate privileges and take control of Windows servers before deploying a remote access trojan (RAT) to exfiltrate data.
Adobe also released multiple updates, fixing three critical vulnerabilities impacting Adobe Acrobat, Adobe Reader, and Adobe Connect.
SO WHAT? Don’t delay these Patch Tuesday updates, especially as the vulnerabilities become more widely known and more threat groups start to exploit them.