The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.
Top news stories this week
- Unexpected delivery. LockBit leaks negotiation transcript with Royal Mail International.
- DDoS on the rise. KillNet disrupts NATO earthquake relief effort and Cloudflare mitigates largest attack to date.
- The revolution will not be televised. Hacktivists disrupt president’s speech on Iranian state TV.
- Under attack. Tonga Communications Corporation and City of Oakland hit with
- Popped. Pepsi Bottling Ventures (PBV) discovers network intrusion after nearly three weeks.
- Game over. New ransomware strain ‘Mortal Kombat’ spreads through phishing emails.
- Patch Tuesday. Microsoft addresses multiple vulnerabilities in February 2023’s Patch Tuesday.
1. NEGOTIATIONS BETWEEN ROYAL MAIL INTERNATIONAL AND LOCKBIT LEAKED
LockBit claims to have leaked its entire negotiation transcript with Royal Mail International following last month’s cyber attack. Believing they had compromised the parent company rather than a smaller subsidiary, LockBit demanded a ransom of USD 80 million, which they calculated to be 0.5% of their target’s revenue. Royal Mail refused to pay, rejecting the demands as “absurd”.
2. DDOS ATTACKS ON THE RISE
Russian hacker group KillNet has claimed responsibility for a DDoS attack on NATO’s Special Operations website, disrupting an aid mission for the victims of the Turkey-Syria earthquake. The attack took the website down for several hours.
Separately, content delivery and DDoS mitigation network provider Cloudflare detected and mitigated the largest volumetric DDoS attack on record. The attacks were reportedly launched from 30,000 IP addresses with the largest attack exceeding 70 million requests per second, a 35% increase from the previous reported record.
3. HACKTIVISTS DISRUPT IRAN PRESIDENT’S REVOLUTION DAY SPEECH
The Iranian hacktivist group known as Edalat-e Ali took over a live TV broadcast during President Raisi's speech to mark the anniversary of the Islamic Republic. The group displayed the slogan “death to Khamenei”, the supreme leader of Iran, and called for protests and the withdrawal of money from government banks.
4. RANSOMWARE CONTINUES TO IMPACT PUBLIC SECTOR ORGANISATIONS
State-owned telecommunication company Tonga Communications Corporation has notified its customers of a ransomware attack that is impacting its administrative functions. A separate attack on the City of Oakland in California is severely affecting the provision of public services.
Public sector organisations are a popular target for ransomware. Recent high-profile attacks demonstrate the importance of having a cyber security risk management strategy to help identify, analyse, evaluate, and respond to key cyber security risks.
5. PEPSI BOTTLING VENTURES SUFFERS DATA BREACH
Pepsi-Cola’s manufacturer and distributor Pepsi Bottling Ventures (PBV) has suffered a data breach that exposed employees’ personal and financial information. Attackers accessed PBV’s network for nearly three weeks before being detected.
Timely cyber intrusion detection is critical in limiting the damage caused by a data breach. Ensure your network is properly segmented to slow an attacker’s progress and reduce the impact of the intrusion.
6. NEW RANSOMWARE STRAIN SPREAD THROUGH PHISHING EMAILS
Security researchers have identified a new ransomware campaign dubbed ‘Mortal Kombat’ that is targeting individuals and entities in the US. The ransomware is distributed through phishing emails, which encourage recipients to open a zip file attachment that mimics a cryptocurrency invoice. The ransom note displays an image from the video game Mortal Kombat.
To protect your organisation, emails with unprompted attachments and links should be treated with extreme caution. Investing in phishing training can help improve awareness, as can notifying employees of prevalent phishing campaigns.
7. PATCH TUESDAY
Microsoft has patched 77 vulnerabilities, including three zero-day vulnerabilities that were actively exploited by cyber criminals. The vulnerabilities, nine of which were classified as critical, could allow unauthorised access, data theft, or denial of service attacks.
Most patches are available automatically through Windows Update. However, one patch will be issued through the Microsoft Store.
SO WHAT? Organisations must ensure they have the latest security updates installed to reduce the likelihood of suffering a security breach. Ensure you have both Windows Update and Microsoft Store automatic updates enabled to benefit from the latest patches.