The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.
Top news stories this week
- Mic check. Putin’s speech interrupted by a DDoS cyberattack.
- Lead actor. LockBit ransomware spree shows no sign of stopping.
- Exec cheque. Europol-led investigation disbands criminal network conducting BECs.
- On pause. Virgin Media Television disrupted by cyber incident.
- Guests who never left. GoDaddy's systems were compromised for several years.
- Message received. Twitter users must pay for SMS-based two-factor authentication.
1. PRO-UKRAINE GROUPS TAKE DOWN RUSSIAN NEWS CHANNELS
A distributed denial of service (DDoS) attack reportedly caused Russian news channels broadcasting Vladimir Putin’s annual state of the nation address to experience issues, with parts of the speech being unavailable to viewers. The IT Army of Ukraine and another anti-Russian group have claimed responsibility for the politically motivated attack.
There has been an increase in the number of distributed denial of service attacks by hacktivists with political and social motivations. Read our latest article regarding the cyber threat landscape as the Russia-Ukraine war enters its second year.
2. LOCKBIT CONTINUES TO AMASS GLOBAL VICTIMS
LockBit continues to uphold its reputation as the world’s most prolific ransomware group after it named a UK construction firm and a Portuguese water utility on its leak site. This comes a week after three large organisations were also named on the group's site.
3. FRENCH-ISRAELI CRIMINAL NETWORK DISBANDED AMID PAYMENT DIVERSION FRAUD
A joint investigation led by Europol has caused a French-Israeli criminal network conducting business email compromises (BECs) to disband. The group typically impersonated CEOs to trick employees into depositing payments into fraudulent bank accounts. Over EUR 10 million has been seized from bank accounts located in Hungary, Croatia and Portugal.
4. VIRGIN MEDIA PUT ON PAUSE BY CYBER ATTACK
Virgin Media Television in Ireland confirmed that it suffered a “major” cyber attack. The TV channel claimed that an unauthorised actor gained access to its internal systems. While some broadcasts were interrupted, the incident has now been fully contained.
Incident response and business continuity plans that are well thought out and practised can go a long way towards mitigating the impact of a cyber attack.
5. THREAT ACTORS PURSUE MULTIYEAR CYBER ATTACK ON GODADDY
The web hosting provider GoDaddy confirmed that unknown threat actors were present in its systems for multiple years. An investigation into the incident revealed that the threat actors stole source code and installed malware in GoDaddy's systems, which redirected customers from their sites to random domains. The incident is attributed to previous breaches that came to light in 2020 and 2021.
Organisations should undertake threat hunting, a proactive cyber security activity in which they assume a breach and iteratively search their networks to detect unknown threats.
6. MESSAGE RECEIVED
Twitter announced that it will be restricting SMS-based multifactor authentication (MFA) to paying Twitter Blue users. The social media application has encouraged affected users to make use of other forms of MFA to keep their accounts secure.
SMS-based MFA is vulnerable to SIM swap attacks. Users should employ more secure solutions, such as app-based MFA. Unique and complex passwords also remain very important.