LockBit leaks negotiation transcript with Royal Mail International | Cyber Intelligence Briefing: 17 February

Top news stories this week

1. Unexpected delivery. LockBit leaks negotiation transcript with Royal Mail International.
2. DDoS on the rise. KillNet disrupts NATO earthquake relief effort and Cloudflare mitigates largest attack to date.
3. The revolution will not be televised. Hacktivists disrupt president’s speech on Iranian state TV.
4. Under attack. Tonga Communications Corporation and City of Oakland hit with
5. Popped. Pepsi Bottling Ventures (PBV) discovers network intrusion after nearly three weeks.
6. Game over. New ransomware strain ‘Mortal Kombat’ spreads through phishing emails.
7. Patch Tuesday. Microsoft addresses multiple vulnerabilities in February 2023’s Patch Tuesday.

1. Negotiations between Royal Mail International and LockBit leaked 

LockBit claims to have leaked its entire negotiation transcript with Royal Mail International following last month’s cyber attack. Believing they had compromised the parent company rather than a smaller subsidiary, LockBit demanded a ransom of USD 80 million, which they calculated to be 0.5% of their target’s revenue. Royal Mail refused to pay, rejecting the demands as “absurd”.

So what?

Threat actors often calculate ransom demands based on a percentage of revenue, but they have been known to make such assessments on false information.

2. DDoS attacks on the rise

Russian hacker group KillNet has claimed responsibility for a DDoS attack on NATO’s Special Operations website, disrupting an aid mission for the victims of the Turkey-Syria earthquake. The attack took the website down for several hours.

Separately, content delivery and DDoS mitigation network provider Cloudflare detected and mitigated the largest volumetric DDoS attack on record. The attacks were reportedly launched from 30,000 IP addresses with the largest attack exceeding 70 million requests per second, a 35% increase from the previous reported record.

So what?

A distributed denial of service (DDoS) attack involves overwhelming a website with malicious traffic to take it offline. Setting up continuous monitoring to analyse patterns and filtering out malicious traffic can reduce the impact of DDoS attempts. This is especially important if constant availability is critical to your organisation’s business operations.

3. Hacktivists disrupt Iran president's revolution day speech

The Iranian hacktivist group known as Edalat-e Ali took over a live TV broadcast during President Raisi's speech to mark the anniversary of the Islamic Republic. The group displayed the slogan “death to Khamenei”, the supreme leader of Iran, and called for protests and the withdrawal of money from government banks.

So what?

Organisations must be mindful that not all hacking is profit-driven and that they could be targeted by hacktivists with political and social motivations. Understanding your organisation’s public profile is important when assessing the evolving risk landscape.

4. Ransomware continues to impact public sector organisations

State-owned telecommunication company Tonga Communications Corporation has notified its customers of a ransomware attack that is impacting its administrative functions. A separate attack on the City of Oakland in California is severely affecting the provision of public services.

So what?

Public sector organisations are a popular target for ransomware. Recent high-profile attacks demonstrate the importance of having a cyber security risk management strategy to help identify, analyse, evaluate, and respond to key cyber security risks.

5. Pepsi bottling ventures suffers data breach

Pepsi-Cola’s manufacturer and distributor Pepsi Bottling Ventures (PBV) has suffered a data breach that exposed employees’ personal and financial information. Attackers accessed PBV’s network for nearly three weeks before being detected.

So what?

Timely cyber intrusion detection is critical in limiting damages caused by a data breach. Ensure your network is properly segmented to slow an attacker’s progress and reduce the impact of the intrusion.

6. New ransomware strain spread through phishing emails

Security researchers have identified a new ransomware campaign dubbed ‘Mortal Kombat’ that is targeting individuals and entities in the US. The ransomware is distributed through phishing emails, which encourage recipients to open a zip file attachment that mimics a cryptocurrency invoice. The ransom note displays an image from the video game Mortal Kombat.

So what?

To protect your organisation, emails with unprompted attachments and links should be treated with extreme caution. Investing in phishing training can help improve awareness as can notifying employees of prevalent phishing campaigns.