The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends and indicators, curated by our intelligence specialists.
- Beware the legacy product: Jones Day compromised; Accellion FTA believed to be entry vector.
- Ransomware on wheels: Ransomware attacks against two major automotive companies.
- Healthcare vs cyber attacks: US and French healthcare institutions suffer ransomware attacks.
- DOJ lays down the law: US charges three North Korean hackers over extortion scheme.
- Beware Kittens bearing scholarships: UAE and Kuwaiti governments targeted in phishing campaign.
- Death, taxes, and social engineering: Scammers target US tax professionals.
Beware the legacy product: Jones Day compromised; Accellion believed entry vector
- Stolen Jones Day law firm data was posted on the dark web by the Clop ransomware group. Clop stole, but did not encrypt, the data, and claimed the attack was financially motivated.
- A vulnerability in Accellion’s file-transfer product is reportedly the root cause. The zero-day, discovered in December 2020, was also exploited in several other recent high-profile data theft cases.
So what? Move away from legacy products where possible, and regularly audit vendors to secure your digital supply chain.
Ransomware on wheels
- Major Canadian vehicle rental company, Discount Car and Truck Rentals, was hit by a DarkSide group ransomware attack. The group stole 120GB of data in the process. The group is increasingly active, with S-RM responding to several DarkSide ransomware cases in recent months.
- Separately, Kia Motors America reportedly suffered a ransomware attack at the hands of the DoppelPaymer group. DoppelPaymer is demanding $20 million to not leak the stolen data.
So what? Back up critical data regularly and perform restoration tests to ensure smooth recovery. These stories highlight that the automotive industry is an enticing target for ransomware actors.
Healthcare vs cyber attacks
- Healthcare organisations in the US experienced a record-high number of cyber attacks in 2020, with breaches up 50% from 2019. Ransomware attacks constituted a significant proportion of these incidents.
- US healthcare is not the only target. Two French hospitals suffered ransomware attacks less than a week apart. The hospitals had their operations disrupted and some patients had to be moved to other locations.
So what? Patching, hardening, phishing prevention, and regularly backing up data are all things your organisation can do today to protect against ransomware attacks.
U.S. Department of Justice (DOJ) charges North Korean hackers
- Three North Korean military intelligence operatives have been charged over a hacking scheme. The hackers allegedly stole and extorted $1.3 billion from global banks and businesses.
- Multiple high-profile attacks have been attributed to the hackers. These include the 2014 Sony Pictures Entertainment hack, and the development of WannaCry 2.0 ransomware.
- Separately, North Korean hackers attempted to steal Pfizer’s Covid-19 vaccination data. The attack’s success is unclear.
So what? The DOJ’s indictment offers interesting insights into North Korea’s hacking modus operandi, including the enlistment of fraudsters to launder stolen funds.
Beware Kittens bearing scholarships
- Iranian group Static Kitten used Israeli geopolitical-themed lures to phish UAE and Kuwaiti officials. The campaign leverages the recently improved relationship between the UAE and Israel, as well as Kuwait’s offer to lead mediation between Iran and Saudi Arabia.
- Malicious URLs were distributed through two ZIP files. One file purported to be a report on Arab countries’ diplomacy with Israel, while another posed as information on scholarships.
So what? Being aware of the political context in which your organisation operates can help identify possible attacks.
Nothing’s certain in life except death, taxes, and… social engineering
- The US Internal Revenue Service has warned against social engineering attacks targeting tax professionals. The adversaries steal electronic filing identification numbers (EFINs) to commit identity theft.
- Recipients of the phishing email are asked to verify their identity. The fraudsters can then impersonate their victims and fraudulently file tax returns for refunds.
So what? Organisations should train their employees to identify phishing emails, and test them by conducting regular friendly phishing tests.
S-RM Webinar: Building Cyber Confidence
This webinar brought together experts from S-RM, Mullen Coughlin, Church & Dwight Co., Inc., Options Technology and Brown Advisory to provide guidance on mapping a path to cyber confidence. Our panel of specialists discussed the topics of governance, leadership, response, recovery, and how best to understand today's rapidly evolving cyber threat landscape.