header image

Cyber Intelligence Briefing: 22 July 2022

Roddy Priestley, Miles Arkwright 22 July 2022
22 July 2022    Roddy Priestley, Miles Arkwright

INVESTING IN CYBER RESILIENCE: SPEND, STRATEGY, AND THE SEARCH FOR VALUE

Today's fast-changing threat landscape puts increased pressure on companies to make the right investment choices and improve their cyber resilience. For this report, S-RM surveyed 600 senior leaders and IT decision makers to discover which cyber investment areas provide the best value for money and what savings result from investing in cyber security.

Download Report

The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.


top NEWS stories this week

  1. Hardening market. Global insurers expect cyber insurance premiums to rise. 
  2. More espionage attacks. Albanian and Belgium government agencies and services become latest victims 
  3. Cyber attack on Knauf. Ransomware attack by Black Basta disrupts business operations. 
  4. HolyGhost targets SMEs. Newly discovered North Korean threat group HolyGhost targets SMEs. 
  5. Mantis botnet. Researchers discover powerful new botnet capable of record-breaking DDoS attacks.  
  6. IoT devices. New vulnerabilities found in Internet of Things (IoT) devices. 

1. HARDENING MARKET   

A new survey of global insurers across the UK and US found that 82 percent of respondents expect cyber insurance premiums to continue to rise for the next two years. This increase is attributed to factors including the inability to accurately assess cyber security postures, increased ransom payments, threat actor sophistication, and the increased threat of software supply chains attacks.  

 

SO WHAT?

Insurers globally have introduced additional rigour to their qualification processes, increasingly requiring organisations to demonstrate higher degrees of cyber resilience as a prerequisite for being covered. Get in touch today to understand how we can help improve the cyber resilience at your organisation. 

 

 

2. CYBER ATTACKS HIT ALBANIA AND BELGIUM  

  • The Albanian government's digital services and websites went offline following a cyber attack last week. The primary motivation of the attack appears to be disruption, and although there is no attribution so far, the sophistication of the attack suggests a nation-state-backed group is responsible. 
  • Separately, China-linked threat groups have allegedly targeted Belgium's Ministries of Interior and Defence. Chinese authorities have denied the accusations.  

 

SO WHAT?

Nation state-enabled attacks are an increasingly prominent trend in the cyber intelligence landscape. Government agencies are attractive targets for espionage campaigns due to the sensitive data they hold, the criticality of their operations, and the minimal security controls that are often in place. 

 

 

3. KNAUF GROUP SUFFERS CYBER ATTACK  

The prolific ransomware group Black Basta has claimed responsibility for a ransomware attack against building materials giant Knauf. The attack resulted in major disruptions to business critical services, forcing the company to shut down all IT systems. So far, Black Basta has leaked 20 percent of the allegedly exfiltrated data. 

 

 

SO WHAT?

Black Basta is known to leverage phishing campaigns to gain initial access into their victims’ networks. Reduce the attack surface by ensuring your employees understand the risks associated with clicking on a phishing link and how to identify commonly used and sophisticated phishing attacks. 

 

 

4. HOLYGHOST ATTACKS SMES 

Researchers have uncovered a new North Korean ransomware group, specialising in targeting SMEs across the education, manufacturing, and events industries. The threat group, HolyGhost, often focuses on organisations that have previously been compromised, in hope they have failed to address previously exploited vulnerabilities.


 

SO WHAT?

Organisations that have experienced a ransomware attack often lose complete confidence in the controls implemented across their estates. For specific advice on ransomware readiness, see our article 5 Tips For Cyber Security Success and Ransomware Resilience 

 

 

5. RESEARCHERS DISCOVER POWERFUL NEW BOTNET  

Researchers have discovered a new botnet, which is being labelled the most powerful ever seen. Uniquely, the Mantis botnet relies on a relatively small number of bots (around 5,000) to launch powerful Distributed Denial of Service (DDoS) attacks. Mantis reportedly launched nearly 3,000 DDoS attacks last month. 

 

 

SO WHAT?

Mantis reflects an evolution in the sophistication of botnets. Organisations whose critical systems are particularly reliant on constant availability should ensure they have sufficient and up-to-date denial of service protections.  

 

 

6. VULNERABILITY AFFECTING IOT DEVICE  

Researchers found six security vulnerabilities in a GPS tracker (MiCODUS MV720 device) used in 1.5 million vehicles worldwide. If exploited, the vulnerabilities allow hackers to track and manipulate GPS data, gain admin access and even immobilise the vehicle.  

 

SO WHAT?

Organisations must treat all IoT devices as an extension of their network. Ensuring your IoT devices are updated, and if possible, segmenting them from the rest of your network may help reduce the damage a threat actor can cause upon compromising the IoT device.   

 

 

Cyber Intelligence Briefing

To discuss this article or other industry developments, please reach out to one of our experts.

Roddy Priestley
Roddy priestley Director, Cyber Security Email Roddy
Miles Arkwright
Miles arkwright Senior Analyst, Cyber Security Email Miles

Intelligent Business 2022 Strategic Intelligence Report

The evolution of strategic intelligence in the corporate world. Read S-RM's latest report.

Download Report