header image

Cyber Intelligence Briefing: 17 June 2022

Miles Arkwright, Roddy Priestley 17 June 2022
17 June 2022    Miles Arkwright, Roddy Priestley

INVESTING IN CYBER RESILIENCE: SPEND, STRATEGY, AND THE SEARCH FOR VALUE

Today's fast-changing threat landscape puts increased pressure on companies to make the right investment choices and improve their cyber resilience. For this report, S-RM surveyed 600 senior leaders and IT decision makers to discover which cyber investment areas provide the best value for money and what savings result from investing in cyber security.

Download Report

The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.


top NEWS stories this week

  1. BlackCat on the prowl. BlackCat attacks the University of Pisa and launches a public internet leak site.  

  2. Lights out. German energy suppliers suffer cyber attacks. 

  3. Kaiser Permanente data breach. Medical records of over 69,000 people are exposed.

  4. Media organisations targeted. New malware campaign targets Ukrainian media organisations. 

  5. DragonForce strikes India. Malaysian hacktivist group launches attacks on over 70 Indian websites. 

  6. Patch time! Microsoft releases patches for 55 vulnerabilities, including the Follina zero-day bug. 

 

1. BLACKCAT ON THE PROWL

The prolific ransomware group BlackCat has claimed responsibility for a ransomware attack against the University of Pisa. The attackers exfiltrated and encrypted the university’s data, which BlackCat is leveraging to demand a USD 4.5 million ransom. 

In an interesting change of methods, BlackCat is now also leaking victim data on the public internet, as opposed to only on the dark web.  

 

SO WHAT?

The commercial costs associated with data exfiltration attacks will likely increase if stolen data is leaked to the public internet. Preventing data exfiltration should be a priority item for any cyber security programme. Labelling your sensitive data and implementing a data loss prevention solution is a good start!  

 

 

2. LIGHTS OUT 

German energy suppliers Entega and Mainzer Stadtwerke have recently suffered cyber attacks. Although the critical infrastructure of each organisation remained unaffected, with no customer data reportedly exposed, websites and staff email accounts have been impacted. 

The incidents follow a series of attacks against the German wind power industry. Wind turbine maintenance company Deutsche Windtechnik took its IT systems offline for two days following an attack in April, while wind turbine manufacturer Nordex shut down various IT systems following an attack by the Russia-aligned group Conti in March.  

 

SO WHAT?

The timings of these attacks may suggest that Russia-aligned actors have been motivated to increase German dependence on Russian oil and gas. 

 

 

3. EMAIL COMPROMISE LEADS TO HEALTHCARE DATA BREACH

American non-profit healthcare provider Kaiser Permanente disclosed a data breach affecting over 69,000 individuals. The incident occurred after an attacker compromised an employee’s email account that contained sensitive patient data including names, medical records, and lab test results.  

 

SO WHAT?

To reduce the likelihood of an email compromise, organisations should adopt a strong password policy, enforce multi-factor authentication, and block legacy authentication protocols.

 

 

4. HACKERS ATTACK UKRAINIAN MEDIA ORGANISATIONS

According to the Ukrainian cyber intelligence organisation CERT-UA, a new malware campaign targeting Ukrainian media organisations has emerged. The malware involved, CrescentImp, has been attributed to a Russia-backed threat group. CrescentImp is spread through malicious email attachments and exploits the infamous Follina vulnerability, a bug that can grant hackers remote access to a victim’s device. 

 

SO WHAT?

Follina (CVE-2022-30190) is a critical vulnerability that is being actively exploited in the wild. Make sure you apply Microsoft's latest patches to your systems to mitigate this threat. 

 

 

5. DRAGONFORCE STRIKES INDIA 

Following contentious comments from a spokesperson for India’s ruling party, the hacktivist group DragonForce Malaysia launched a wave of distributed denial of service (DDoS) attacks against over 70 Indian websites. These attacks follow the hacktivist group’s recent DDoS and defacement attacks against Israeli websites in April 2022. 

 

SO WHAT?

Organisations that have perceived political leanings or operations in geopolitically contentious regions must understand how it may impact their risk profile and attractiveness as a target.  

 

 

6. PATCH TUESDAY 

For June’s Patch Tuesday, Microsoft has released security fixes for 55 vulnerabilities, including the Follina zero-day and three critical bugs that allow remote code execution. Microsoft has also released a series of patches for its Edge web browser. 

Elsewhere, Adobe’s Patch Tuesday addresses 46 vulnerabilities from across its software offerings, several of which are rated critical. 

 

SO WHAT?

Organisations should review whether any affected software is employed in their estate, and implement available patches as soon as possible.  

 

Cyber Intelligence Briefing

To discuss this article or other industry developments, please reach out to one of our experts.

Miles Arkwright
Miles arkwright Senior Analyst Email Miles
Roddy Priestley
Roddy priestley Director, Cyber Security Email Roddy

Intelligent Business 2022 Strategic Intelligence Report

The evolution of strategic intelligence in the corporate world. Read S-RM's latest report.

Download Report