The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.
Top news stories this week
- Scams during national mourning period. UK Government warns of potential phishing attacks exploiting the death of Her Majesty the Queen.
- International data breaches. General Elections Commission of Indonesia hacked, plus American moving and storage giant U-Haul also targeted.
- Advanced phishing techniques emerge. Catch the latest on two sophisticated phishing techniques.
- US imposes sanctions on Iranian intelligence. Iranian Ministry of Intelligence and Security held accountable for Albanian attacks.
- Long Island hit by cyber attack. Local councils remain a favourite of threat actors.
- Patch time! Microsoft releases patches for September’s Patch Tuesday and Apple fixes zero-day vulnerability.
1. Warning of scams exploiting death of Queen Elizabeth II
The UK’s National Cyber Security Centre (NCSC) has warned of a potential increase in phishing emails and scams exploiting the death of Her Majesty the Queen. Threat actors may seek to create a sense of urgency and take advantage of individuals’ emotions for their own financial gain. The NCSC has stated that there is no need for a ticket or payment to attend the Lying-in-State at Westminster Abbey.
SO WHAT? Individuals should be wary of any communications received concerning the arrangements for Her Majesty the Queen’s funeral, especially if they request user action.
2. International data breaches
This week, there were reports of two major data breaches in which hackers stole sensitive data from millions of victims:
- Moving and storage giant U-Haul disclosed that it suffered a data breach last month. Hackers gained access to customers’ names, driver's licenses, and state identification numbers.
- A hacker using the alias Bjorka stole the personally identifiable information (PII) of 105 million Indonesian citizens from the General Elections Commission of Indonesia. The data is being sold for USD 5,000 on the dark web, and includes full names, ages, national ID card numbers and a range of other sensitive data.
Having PII leaked to the dark web will increase a victim’s exposure to fraud and impersonation-based attacks. Companies must take responsibility when collecting, storing, and deleting customer data. Poor data security practices may lead to significant regulatory penalties.
3. New phishing techniques on the rise
An Iran-based threat group known as TA453 has adopted a multi-persona impersonation technique in its phishing campaigns. This means that they use several actor-controlled email accounts on a single email thread to make their messages appear legitimate.
Separately, a "browser-in-the-browser" phishing technique, whereby threat actors mimic an entire pop-up browser window, has been used to steal the credentials of Steam users.
While in a typical campaign the threat actor sends a malicious link designed to steal the target’s account credentials, sometimes the aim is simply to obtain valuable information from the victim. Raising staff awareness of these increasingly complex techniques is essential.
4. US sanctions Iranian intelligence over cyber attacks in Albania
Last week, the Office of Foreign Assets Control in the US sanctioned Iran’s Ministry of Intelligence and Security for its alleged role in coordinating the recent cyber attacks against the Albanian government’s IT systems. In addition to July’s attacks, the same Iranian threat actors have been named responsible for a second attack that targeted Albania’s State Police last weekend.
SO WHAT? The escalating diplomatic situation in Albania, which now includes sanctions as well as the severing of diplomatic ties, continues to serve as an indication of how the international community may respond to state-sponsored cyber attacks moving forward.
5. Suffolk County hit by cyber attack
The ransomware group BlackCat/ALPHV targeted Long Island in Suffolk County, a local council in the state of New York, resulting in the county’s websites and emails being taken offline. The intrusion has prevented the provision of essential services, such as paying taxes.
SO WHAT? Local governments and councils are attractive targets for threat actors. They can be under-resourced and ill-equipped to defend against less sophisticated cyber attacks. The motive for these attacks is not necessarily financial reward, but the disruption that they cause to service delivery at a local level.
6. Patch time
For September’s Patch Tuesday, Microsoft has released security fixes for 64 vulnerabilities. This includes a bug that allows threat actors to obtain elevated privileges on vulnerable devices.
Separately, Apple has rolled out patches for security flaws in iOS and macOS, including a zero-day vulnerability, which could allow a malicious app to take control of affected devices.
SO WHAT? Organisations should review whether any affected software is employed in their estate and implement available patches as soon as possible.