The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.
This is our final briefing for 2022. Following a two-week break for the festive period, we’ll be back with the next edition on 6 January 2023.
TOP NEWS STORIES THIS WEEK
- Coming for the crown. Royal ransomware emerges as a major threat.
- Operation 'Power Off'. International law enforcement takes down major DDoS-for-hire service.
- Nightmare before Christmas. Government organisations targeted in ransomware attacks.
- Vendor risk. Uber impacted again after security incident at third-party vendor.
- Change in strategy. Japan to legalise offensive cyber operations.
- Keep patching. Microsoft, Fortinet, and Citrix patch software vulnerabilities.
1. ROYAL RANSOMWARE EMERGES AS A MAJOR THREAT
S-RM has observed a significant increase in attacks involving the Royal ransomware strain, which was first detected in early 2022. The ransomware partially encrypts files in a way that evades conventional anti-virus and defence mechanisms. Security researchers have also noted similarities with Conti’s ransomware.
Threat actors continually seek novel techniques to compromise their victims. Adopting a multi-layered defence strategy that makes use of threat intelligence, employee training, and protection and detection security solutions will reduce the likelihood of a compromise.
2. MAJOR DDOS-FOR-HIRE PLATFORMS TAKEN DOWN
Law enforcement agencies in the US and Europe have taken down 48 domains involved in selling distributed denial of service (DDoS) attacks. DDoS attacks flood target websites with malicious traffic to the point that they are unable to respond. One of the websites was used to carry out more than 30 million attacks according to Europol.
While DDoS attacks are unsophisticated, they have a low barrier to entry for criminals and can have significant reputational and financial consequences. Consider implementing protective measures such as load balancers in your network to mitigate the impact.
3. RANSOMWARE GROUPS ATTACK GOVERNMENT ORGANISATIONS
The ransomware group LockBit has claimed to have stolen 76 GB of data from the California Department of Finance. The department has confirmed it is responding to a cyber security incident. LockBit has set a deadline of 24 December to receive the ransom payment.
Separately, the Play ransomware group has claimed responsibility for an attack on the Belgian city of Antwerp. The breach of the city’s IT provider Digipolis took place last week and caused disruptions to various IT, email, and telephone services throughout the city.
When public organisations are hit by ransomware, the knock-on impact can be significant. Public-facing organisations should build resilience by investing in ransomware readiness assessments.
4. 77,000 EMPLOYEE DETAILS LEAKED IN UBER DATA BREACH
Uber has suffered its second data breach of the year after the details of over 77,000 employees were leaked on a dark web forum. The employee details were leaked after hackers reportedly gained access to Uber’s IT asset management providers.
5. JAPAN PLANS FOR CYBER OPERATIONS
The Japanese government plans to amend its legislation to allow it to engage in offensive cyber operations against foreign hackers. These amendments will allow the government to retaliate during attacks against private sector companies and critical infrastructure.
Sometimes the best defence is offence. Consider investing in penetration testing services to ensure your network perimeter is secure.
6. MAJOR PATCHING UPDATES FOR CRITICAL VULNERABILITIES
- Microsoft’s final Patch Tuesday of the year includes fixes for dozens of vulnerabilities, including a Windows SmartScreen security feature bypass that was being actively exploited.
- Fortinet has advised users to patch their devices against an actively exploited SSL-VPN vulnerability that could allow for unauthorised remote code execution.
- Citrix has released an emergency patch to fix a flaw in a commonly used application delivery controller, following exploitation by a Chinese hacker group.