
Cyber Intelligence Briefing: 20 May 2022

Miles Arkwright, Roddy Priestley 20 May 2022


The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.


TOP NEWS STORIES THIS WEEK

  1. Conti ‘fold’. The group’s bluff may have been called as they shut down operations.

  2. Iranian espionage. Iran-backed threat group launches financially motivated ransomware campaign.

  3. Out of scripts. South African pharmacy Dis-Chem suffers data breach.

  4. HTML phishing attacks continue. HTML phishing continues to be popular amongst cyber criminals.

  5. Emotet back on top. Security researchers identify resurgence of prominent malware strain.

  6. A is for Apple, P is for Patch. Apple and NVIDIA release patches for vulnerabilities and CISA issues a warning.

 


 

1. CONTI SHUTS DOWN OPERATIONS

The notorious ransomware group Conti has reportedly shut down its operations in an effort to rebrand into a series of smaller ransomware groups. According to security researchers, the group has taken its internal infrastructure offline, including the admin panels used to negotiate with victims and post on their leak site.

The development is likely an attempt to disassociate themselves from the heightened attention that past Conti campaigns have gathered from global legal authorities. Just last week, the US government offered a USD 15 million reward for any information leading to the arrest of Conti members. The ongoing cyber attack on the Costa Rican government is also being labelled as a publicity stunt that has allowed key Conti members to relocate into other ransomware groups, including HelloKitty, AvosLocker, Hive, and BlackCat.

 

SO WHAT?

While the infamous Conti brand may no longer exist, the Conti cybercrime syndicate will continue to be prevalent. Smaller ransomware groups have now received a collection of experienced and skilled threat actors who will help scale up operations and improve the sophistication of their attacks.

 

 

2. IRAN-BACKED GROUP TRIES RANSOMWARE

The Iran-linked threat group Cobalt Mirage has allegedly turned to opportunistic ransomware attacks for financial gain. The group’s tactics include exploiting well-known security flaws, including ProxyShell and Log4j, and appear to primarily target organisations in the US, Europe, Israel, and Australia.

 

SO WHAT?

Both APTs and cyber criminal groups look for low-hanging fruit. Organisations should patch high-severity vulnerabilities, scan for publicly exposed services, and ensure multi-factor authentication is enforced on internet-facing systems.

 

 

3. OUT OF SCRIPTS

Dis-Chem, the South African retail pharmacy giant, has confirmed a data breach that compromised the personal details of 3.6 million customers. The unidentified threat actor accessed customer names, email addresses, and mobile phone numbers from a third-party provider’s database.

 

SO WHAT?

Treat third-party risk proactively. Organisations should conduct regular security assessments on their third-party providers, focusing on the maturity of their security controls and data safekeeping policies and procedures.

 

 

4. HTML PHISHING REMAINS PREVALENT

HTML files have been one of the most popular attachments in phishing emails since the start of 2022. This is largely because email filtering solutions struggle more to detect malicious HTML files than other traditional phishing attachments.

 

SO WHAT?

Individuals should be wary of opening attachments from outside their organisation, particularly HTML files given their current prevalence. 

 

 

5. EMOTET RE-EMERGES AS MOST PREVALENT MALWARE STRAIN

According to security researchers, Emotet was the most commonly detected malware family in Q1 2022, representing 9 percent of all malware captured. This resurgence comes after law enforcement agencies in eight countries successfully disrupted the servers hosting this prolific botnet in January 2021.

 

SO WHAT?

Profitable malware strains frequently adapt and re-emerge following disruption by law enforcement. Emotet’s delivery recently changed from Microsoft Office documents to link files within an email. Another good reason to treat all email links as suspicious!

 

 

6. PATCHES AND CISA WARNING

  • Apple has released security updates to address a zero-day vulnerability (CVE-2022-22675) targeting Macs and Apple Watch devices. The vulnerability allows apps to execute arbitrary code with kernel privileges.
  • NVIDIA has released a security update for a wide range of graphics card models, addressing four high-severity and six medium-severity vulnerabilities that can lead to denial of service and information disclosure.
  • CISA has warned organisations to avoid installing certain patches released in Microsoft’s May Patch Tuesday, specifically on Windows Server domain controllers, as these can cause service authentication problems.

 

SO WHAT?

Organisations must deploy a consistent patching cycle to ensure all software and devices are patched promptly. Ensure that patches are rolled out in order of severity and that zero-day vulnerabilities are patched first.

 


Miles Arkwright, Senior Analyst
Roddy Priestley, Director, Cyber Security
