The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends and indicators, curated by our intelligence specialists.
- Accellion aftershocks: FIN11 identified as actor behind the Accellion FTA zero-day attacks.
- Federal Reserve IT outage: US banking system disrupted.
- SolarWinds Senate hearing: Victims draw attention to industry shortcomings.
- Credential stuffing attacks against single sign-on (SSO): RIPE NCC experienced a credential-stuffing attack.
- Social engineering: Scammers use Adobe Flash Player and mail couriers to socially engineer victims.
- Macs targeted by Silver Sparrow: 30,000 endpoints infected with the malware.
FIN11 identified as actor behind Accellion FTA zero-day attacks
- Cybercrime group FIN11 is likely behind recent attacks exploiting vulnerabilities in the file transfer service Accellion FTA to steal data. FIN11 is extorting its victims by threatening to publish stolen data on the Clop ransomware leak site.
- Accellion says fewer than 100 of its 300 customers using the legacy FTA product are affected. Canadian airplane manufacturer Bombardier is the latest organisation to publicly disclose it suffered an Accellion-related breach.
So what? If you use Accellion FTA, migrate away, right away. Legacy products are typically unsupported and will not be updated with software fixes, leaving you vulnerable to zero-day attacks.
Federal Reserve IT outage disrupts US banking system
- The US Federal Reserve experienced a significant IT outage on Wednesday. The issue was reportedly caused by an ‘operational error’.
- The outage impeded financial transactions and services throughout the day. Fortunately, the Federal Reserve managed to restore its systems after several hours.
So what? Organisations can improve their operational resilience by developing business continuity, disaster recovery, and incident management plans and regularly reviewing and testing them to validate information flows, decision rights, and integration points.
Victims of SolarWinds attack testify in US Senate
- Victims discussed communication shortcomings within and between the public and private sector during the US Senate hearing on Tuesday. SolarWinds, Microsoft, FireEye, and CrowdStrike, all victims of the SolarWinds hack, criticised the lack of information sharing during breaches, and the number of authorities requiring notification.
- Executives testifying recommended greater transparency about breaches and a mandatory reporting law with liability protection.
So what? Watch this space for the latest developments on regulatory and industry changes that emerge from the ongoing review.
Credential stuffing attacks against SSO
- RIPE NCC, which assigns IPv4 and IPv6 address spaces, disclosed a failed credential stuffing attack against its infrastructure. The attack targeted RIPE NCC’s single sign-on (SSO) service and resulted in operational downtime, but no accounts were compromised.
- IPv4 addresses are both scarce and in high demand globally. Adversaries may look to hijack existing address pools.
So what? Enforce multi-factor authentication across all accounts to protect against account take-over attacks.
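The RIPE NCC item above describes a credential stuffing attack against an SSO portal. The following is an added example, not part of the briefing and not based on RIPE NCC's systems or logs: it runs a simple detection over constructed SSO authentication log lines, flagging a source IP that fails against many distinct accounts (the credential stuffing pattern) while leaving a source that retries a single account alone. The log format, IP addresses and usernames are all constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample SSO authentication log lines (not real data from any organisation).
SAMPLE_LOG = """\
2021-02-18T09:00:01Z src=203.0.113.5 user=alice result=FAIL
2021-02-18T09:00:02Z src=203.0.113.5 user=bob result=FAIL
2021-02-18T09:00:02Z src=203.0.113.5 user=carol result=FAIL
2021-02-18T09:00:03Z src=203.0.113.5 user=dave result=FAIL
2021-02-18T09:00:03Z src=203.0.113.5 user=erin result=FAIL
2021-02-18T09:00:04Z src=203.0.113.5 user=frank result=SUCCESS
2021-02-18T09:00:05Z src=198.51.100.7 user=alice result=FAIL
2021-02-18T09:00:09Z src=198.51.100.7 user=alice result=FAIL
2021-02-18T09:00:15Z src=198.51.100.7 user=alice result=SUCCESS
"""

# Assumed log line layout: timestamp, source IP, username, outcome.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$"
)


def parse_log(text):
    """Parse log text into a list of event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def detect_credential_stuffing(events, min_distinct_users=5, min_failures=5):
    """Flag source IPs whose failures are spread across many distinct accounts.

    Credential stuffing replays leaked username/password pairs, so one source
    typically fails against many different users. A single user retried many
    times looks like brute force (or a forgotten password) and is not flagged here.
    """
    per_src = defaultdict(lambda: {"users": set(), "failures": 0, "successes": []})
    for ev in events:
        entry = per_src[ev["src"]]
        if ev["result"] == "FAIL":
            entry["failures"] += 1
            entry["users"].add(ev["user"])
        else:
            entry["successes"].append(ev["user"])

    alerts = {}
    for src, entry in per_src.items():
        if entry["failures"] >= min_failures and len(entry["users"]) >= min_distinct_users:
            alerts[src] = {
                "distinct_users_failed": len(entry["users"]),
                "failures": entry["failures"],
                # Accounts that later succeeded from the same source deserve review:
                # without MFA they may be fully compromised.
                "successes_after_spray": sorted(entry["successes"]),
            }
    return alerts


if __name__ == "__main__":
    for src, info in detect_credential_stuffing(parse_log(SAMPLE_LOG)).items():
        print(f"ALERT {src}: {info}")
```

The thresholds are deliberately low so the constructed sample triggers; in production they should be tuned per SSO volume and evaluated over a sliding time window rather than the whole log. The `successes_after_spray` field is the actionable part: with MFA enforced, a password match alone does not yield a session, which is the point of the recommendation above.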
Social engineering delivered in a flash
- Scammers continue to exploit trust in Google services for malicious gain. A fake update for the now-deprecated ‘Adobe Flash Player’ leveraged Google Alerts to install potentially unwanted programs (PUPs) on user devices.
- Elsewhere, threat actors posing as FedEx and DHL targeted over 10,000 Microsoft email users with a phishing attack. The phishing pages bypassed security filters by hosting content on reputable domains, including Google Firebase.
So what? Beware of attackers offering fake updates for discontinued software and, when submitting credentials online, check URLs to avoid imposter sites set up to dupe you.
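The courier phishing item above notes that the pages were hosted on reputable domains such as Google Firebase, which is exactly why "check the URL" has to mean checking the host that actually serves the page rather than whether a brand name appears somewhere in the link. As an added example, not from the briefing, the code below classifies a URL against a constructed allow-list of legitimate courier domains; it handles the brand-as-subdomain trick, the `user@host` trick, and brand names placed in the path of a third-party hosting domain. The allow-list and sample URLs are assumptions made for the example, and the registrable-domain helper is a deliberate simplification (a real check would use the Public Suffix List).

```python
from urllib.parse import urlparse

# Constructed allow-list of legitimate courier domains (assumption for the example).
BRAND_DOMAINS = {"fedex.com", "dhl.com"}


def registrable_domain(host):
    """Return the last two labels of a hostname as an approximation of the registrable domain.

    Simplification: this ignores multi-label public suffixes such as co.uk; use the
    Public Suffix List for anything beyond a demonstration.
    """
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def classify_url(url, brand_domains=BRAND_DOMAINS):
    """Classify a URL as 'trusted', 'brand-lookalike', 'untrusted' or 'invalid'.

    Only the host that will actually serve the page decides trust; a brand name
    appearing in a subdomain, in the userinfo before '@', or in the path is a
    lookalike signal, not evidence of legitimacy.
    """
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()  # .hostname strips userinfo and port
    if parsed.scheme not in ("http", "https") or not host:
        return "invalid"

    if registrable_domain(host) in brand_domains:
        return "trusted"

    brand_names = {d.split(".")[0] for d in brand_domains}
    # Places where phishing kits commonly plant the brand name to look genuine.
    haystack = host + parsed.path.lower() + (parsed.username or "").lower()
    if any(name in haystack for name in brand_names):
        return "brand-lookalike"
    return "untrusted"


if __name__ == "__main__":
    # Constructed sample links; none are real phishing URLs.
    for sample in (
        "https://www.fedex.com/track?id=1",
        "https://fedex.com.example-tracking.net/login",
        "https://dhl.com@evil.example/",
        "https://myproject.firebaseapp.com/fedex-delivery",
        "https://example.org/",
    ):
        print(f"{classify_url(sample):16} {sample}")
```

The Firebase-hosted sample lands in `brand-lookalike` even though `firebaseapp.com` itself is reputable, which mirrors the briefing's point: a trustworthy hosting platform does not make the page trustworthy, so the allow-list holds brand domains only, never generic hosting domains.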
Silver Sparrow spreads its wings, targeting Macs
- A new malware dubbed Silver Sparrow has infected almost 30,000 Mac devices. The malware appears to target Apple’s new M1 chip, but its ultimate purpose remains unknown.
So what? The widely held assumption that macOS isn’t susceptible to malware is increasingly being challenged. Machines running macOS should be secured to the same standard as other endpoints, including patching regularly and monitoring for malware infections.
IN CASE YOU MISSED IT: S-RM WEBINAR - BUILDING CYBER CONFIDENCE
This webinar brings together experts from S-RM, Mullen Coughlin, Church & Dwight Co., Inc., Options Technology and Brown Advisory to provide guidance on mapping a path to cyber confidence. Our panel of specialists discuss governance, leadership, response, recovery, and how best to understand today's rapidly evolving cyber threat landscape. Watch it here.