
Cyber Intelligence Briefing: 19 February 2021

Billy Gouveia, Mona Damian 19 February 2021

The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends and indicators, curated by our intelligence specialists.

OVERVIEW

Cyber Threat Intelligence Briefing

Beware the legacy product: Jones Day compromised; Accellion believed entry vector

  • Stolen Jones Day law firm data was posted on the dark web by the Clop ransomware group. Clop stole, but did not encrypt, the data, and claimed the attack was financially motivated.[1]
  • A vulnerability in Accellion’s file-transfer product is reportedly the root cause. The zero-day, discovered in December 2020, was also the exploited vulnerability in several other recent high-profile data theft cases.

So what? Move away from legacy products where possible, and regularly audit vendors to secure your digital supply chain.

Ransomware on wheels 

  • Major Canadian vehicle rental company, Discount Car and Truck Rentals, was hit by a DarkSide group ransomware attack. The group stole 120GB of data in the process.[2] The group is increasingly active, with S-RM responding to several DarkSide ransomware cases in recent months.
  • Separately, Kia Motors America reportedly suffered a ransomware attack at the hands of the DoppelPaymer group.[3] DoppelPaymer is demanding $20 million to not leak the stolen data.

So what? Back up critical data regularly and perform restoration tests to ensure smooth recovery. These stories highlight that the automotive industry is an enticing target for ransomware actors.

Healthcare vs cyber attacks

  • Healthcare organisations in the US experienced a record-high number of cyber attacks in 2020, with breaches up 50% from 2019.[4] Ransomware attacks constituted a significant proportion of these incidents.
  • US healthcare is not the only target. Two French hospitals suffered ransomware attacks less than a week apart.[5] The hospitals had their operations disrupted and some patients had to be moved to other locations.

So what? Patching, hardening, phishing prevention, and regularly backing up data are all things your organisation can do today to protect against ransomware attacks.  

U.S. Department of Justice (DOJ) charges North Korean hackers

  • Three North Korean military intelligence operatives have been charged over a hacking scheme. The hackers allegedly stole and extorted $1.3 billion from global banks and businesses.[6]
  • Multiple high-profile attacks have been attributed to the hackers. These include the 2014 Sony Pictures Entertainment hack, and the development of WannaCry 2.0 ransomware.[7]
  • Separately, North Korean hackers attempted to steal Pfizer’s Covid-19 vaccination data.[8] The attack’s success is unclear.

So what? The DOJ’s indictment offers interesting insights into North Korea’s hacking modus operandi, including the enlistment of fraudsters to launder stolen funds.  

Beware Kittens bearing scholarships

  • Iranian group Static Kitten used Israeli geopolitical-themed lures to phish UAE and Kuwaiti officials. The campaign leverages the recently improved relationship between the UAE and Israel, as well as Kuwait’s offer to lead mediation between Iran and Saudi Arabia.[9]
  • Malicious URLs were distributed through two ZIP files. One file purported to be a report on Arab countries’ diplomacy with Israel, while another posed as information on scholarships.

So what? Being aware of the political context in which your organisation operates can help identify possible attacks.

Nothing’s certain in life except death, taxes, and… social engineering

  • The US Internal Revenue Service has warned against social engineering attacks targeting tax professionals. The adversaries steal electronic filing identification numbers (EFINs) to commit identity theft.[10]
  • Recipients of the phishing email are asked to verify their identity. The fraudsters can then impersonate their victims and fraudulently file tax returns for refunds.

So what? Organisations should train their employees to identify phishing emails, and test them by conducting regular friendly phishing tests.

S-RM Webinar: Building Cyber Confidence

This webinar brought together experts from S-RM, Mullen Coughlin, Church & Dwight Co., Inc., Options Technology and Brown Advisory to provide guidance on mapping a path to cyber confidence. Our panel of specialists discussed the topics of governance, leadership, response, recovery, and how best to understand today's rapidly evolving cyber threat landscape. Watch it here.

References

[1] Stolen Jones Day Law Firm Files Posted on Dark Web, Threat Post, 17 February 2021.

[2] Leading Canadian rental car company hit by DarkSide ransomware, Bleeping Computer, 13 February 2021.

[3] Kia Motors America suffers ransomware attack, $20 million ransom, Bleeping Computer, 17 February 2021.

[4] Rising healthcare breaches driven by hacking and unsecured servers, Bleeping Computer, 17 February 2021.

[5] Several French hospitals crippled by cyberattacks, Euronews, 16 February 2021; Cyber attacks hit two French hospitals in one week, France24, 16 February 2021.

[6] US charges three North Koreans over $1.3bn theft, BBC, 19 February 2021.

[7] U.S. charges three North Koreans in $1.3 billion hacking spree, Reuters, 17 February 2021.

[8] North Korea Allegedly Targets Pfizer to Steal Covid-19 Vaccine Data, Info Security, 17 February 2021.

[9] Probable Iranian Cyber Actors, Static Kitten, Conducting Cyberespionage Campaign Targeting UAE and Kuwait Government Agencies, Anomali, 10 February 2021.

[10] Scammers target US tax pros in ongoing IRS phishing attacks, Bleeping Computer, 12 February 2021.
